Industrial  strength  Technologies  from  industrial 

Ethernet  to  RFID  took  center  stage  at  a  key  manufacturing  show.  PAGE  8. 


Testing  Foundry  10G  Ethernet  switch  impresses 

with  power,  raises  questions  about  failover  capabilities.  PAGE  10. 
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Hackers, 
crackers, 
carders 
and  thieves 

have  it  in  for  your 
network,  but  knowing 
what  makes  them  tick 
can  lead  to  better  security. 

Learn  about  the  behavior 
patterns  exhibited  in  actual 
attacks  against  a  bank,  online 
merchant  and  brokerage  firm, 
and  what  countermeasures  you 
should  take  to  guard  /-| 

against  such  incidents.  uTIWJkj 


Microsoft 
to  make 
its  software 
‘behave' 

■  BY  ELLEN  MESSMER 

SAN  FRANCISCO  —  Microsoft’s 
revelation  last  week  that  it  is 
adopting  a  new  approach  to 
computer  security  dubbed  “be¬ 
havior  blocking”  represents  a  rad¬ 
ical  shift  in  the  company’s  soft¬ 
ware  design  strategy  that  could 
pay  off  for  attack-weary  Windows 
users,  industry  watchers  say 

Microsoft’s  embrace  of  behav¬ 
ior  blocking  —  a  technique  for 
protecting  applications  and  oper¬ 
ating  systems  from  worms  and 
other  attacks  by  recognizing 
when  computers  aren’t  acting 
like  themselves  —  was  one  of 
several  security  initiatives  out¬ 
lined  by  the  company  and  others 
at  last  week’s  RSA  Conference. 
Behavior  blocking,  already 
See  RSA,  page  12 


Doubts  dog 
Microsoft 
spam  plan 


■  BY  JOHN  FONTANA, 

CARA  GARRETSON  AND 
ELLEN  MESSMER 

Even  with  Microsoft  lending  its 
clout  to  an  expanding  anti-spam 
movement  centered  on  authenti¬ 
cating  e-mail  senders,  experts 
caution  the  approach  comes 
laden  with  technical  challenges 
and  unanswered  questions. 

The  software  giant  last  week 
published  its  Caller  ID  for  E-mail 
specification,  which  lays  out  how 
to  thwart  the  spoofing  of  e-mail 
addresses,  a  popular  spammer 


trick.  The  specification,  which 
Microsoft  hopes  will  become  a 
standard,  is  the  first  piece  of  the 
company’s  long-term  spam-fight¬ 
ing  strategy  called  the  Coor¬ 
dinated  Spam  Reduction  Initia¬ 
tive  (CSRI), which  also  was  intro¬ 
duced  last  week  at  the  annual 
RSA  Conference  in  San  Francisco. 

Caller  ID  is  one  of  several  IP- 
based  proposals  addressing 
sender  authentication,  including 
efforts  such  as  the  Sender  Policy 
Framework  (SPF)  launched  by 
anti-spam  researcher  Meng  Weng 
See  Spam,  page  12 


It’s  a  new  domain-name  game 


■  BY  CAROLYN  DUFFY  MARSAN 

Touchstone  Energy,  an  alliance 
of  600  user-owned  electric  utili¬ 
ties,  is  at  the  forefront  of  a  trend 
toward  businesses  adopting  spe¬ 


cialized  domain  names  to  market 
their  wares  on  the  Web. 

Touchstone  Energy  has 
switched  its  primary  Web  site 
from  a  domain  name  ending  in 
the  .com  to  a  name  ending  in 


.coop,  which  is  reserved  for  com¬ 
panies  that  are  owned  by  their 
customers.  The  .coop  extension 
was  one  of  several  new  top-level 
domains  that  became  available 
two  years  ago. 

“We’re  probably  the  most  preva¬ 
lent  cooperative  in  the  nation  as  it 
relates  to  broadcasting  the  differ¬ 
ence  of  the  cooperative  business 
model,”  says  COO  Jim  Bausell. 
“Switching  to  .coop  in  our  URL 
was  one  more  way  to  reinforce 
the  difference  between  us  and 
investor-owned  utilities.” 

Touchstone  Energy  still  owns  its 
See  Domain  names,  page  14 


Gamers  get  a  league 
of  their  own 

Even  moms  are  asking  for 
autographs  from  pros. 

■  BY  JULIE  BORT 


o  your  friends  call  you  the 
%  Counter-Strike  god  —  among 
them  you’re  the  undisputed 
champion  of  the  anti-terrorist  com¬ 
puter  game.  Ever  think  of  going  pro? 

No  joke.  As  the  popularity  of  com¬ 
puter  games  such  as  Counter-Strike, 
See  Gamers,  page  57 
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Introducing  Firebox*  X.  The  fully  integrated,  expandable 
network  security  appliance  that  intelligently  grows  as  you  do. 
Unlock  the  potential  today. 

WatchGuard  . 

Firebox>; 
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The  Security  You  Really  Need.™  WatchGuard^jF 
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What  are  hackers  thinking?:  Understanding  their  behavior  and 

motivations  can  lead  to  better  network  security.  We  analyzed  three  real  cases  — 
a  digital  break-in  at  a  financial  institution,  the  rooting  of  an  e-commerce  hosting 
provider  and  insider  information  theft  —  to  identify  the  attack  patterns  and  the 
countermeasures  you  can  take  to  protect  against  them.  Page  40. 
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Secure  she!  software 

Tectia  4.0  from  SSH  Communications  Security  provides  convenient,  secure  file  transfers.  Page  45. 
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t’s  better  for  your  network:  anti-spam  appliances  or  anti-spam  software?  Two  industry  insiders  square  off.  Page  47. 
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VeriSign  suit  calls  ICANN  obstructionist 

■  VeriSign  last  week  filed  a  lawsuit  against  the  Internet  Corporation 
for  Assigned  Names  and  Numbers,  accusing  the  organization  of 
overstepping  its  authority  and  improperly  attempting  to  regulate 
VeriSign’s  business.  VeriSign  alleges  that  ICANN,  by  straying  from  its 
charter  and  agreement  to  be  a  technical  coordination  body  has 
improperly  attempted  to  become  the  “de  facto  regulator  of  the 
domain  name  system  and  in  doing  so  stifled  the  introduction  of 
new  services  that  benefit  Internet  users  and  promote  the  growth  of 
the  Internet,”  VeriSign  said.  VeriSign  accuses  ICANN  of  dragging  its 
feet  on  letting  VeriSign  offer  new  services  such  as  a  wait-list  service 
for  expired  domain  names  and  internationalized  domain  names  in 
non-English  characters,  a  VeriSign  spokesman  said.  VeriSign  also  dis¬ 
putes  ICANN’s  objections  that  forced  it  to  take  down  its  Site  Finder 
Internet  search  service,  said  Tom  Galvin, VeriSign’s  vice  president  of 
government  relations.  ICANN  did  not  have  an  immediate  response. 

Oracle  to  fight  DOJ  over  PeopleSoft 

■  Oracle  last  week  said  it  will  “vigorously  challenge”  the  Department  of  Justice’s  lawsuit 
seeking  to  block  its  attempted  takeover  of  rival  PeopleSoft.  It  also  said  it  will  withdraw  the 
slate  of  nominees  it  put  forward  for  election  to  PeopleSoft’s  board  at  the  company’s  upcom¬ 
ing  shareholder  meeting.The  Justice  Department  indicated  earlier  it  was  likely  to  object  to 
the  deal,  and  Oracle’s  decision  to  battle  the  agency  in  court  came  as  no  surprise  to  many 
Its  move  to  drop  its  push  for  seats  on  PeopleSoft’s  board  was  a  more  unexpected  twist. 

IBM  to  Sun:  Put  up  or . . . 

■  IBM  and  Sun  have  a  new  favorite  weapon  in  the  public  wrangling  over  Java  develop¬ 
ment  leadership:  the  open  letter.  IBM’s  Rod  Smith, vice  president  of  emerging  technologies 
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Sure,  it’s  safe.  See,  as  long  as  you  keep 
one  foot  on  the  ground, you’re 
never  in  danger  of  tipping  over” 
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Douglas  Lancaster  of  British  Columbia  is  the 
latest  winner  of  our  weekly  photo  contest 
He's  earned  our  respect  +3  intelligence  and 
a  fantabulous  prize  off  the  bottom  shelf  of 
our  marketing  closet.  Check  out  Layer  8 
every  Monday  for  the  latest  contest  photo 
and  use  your  wit  for  good  instead  of  evil. 
www.nwfusion.com/weblogs/layer8/ 


Good  Bad  Ugly 

The  bare  facts  on  DSL  Qwest  last 

week  broke  rank  with  the  other  RBOCs  to  become 
the  first  to  offer  "Naked  DSL,"  that  is,  DSL  service 
that  doesn't  require  the  customer  to  also  buy 
regular  phone  service.  > 

Taking  responsibility.  Talk 

about  bad  blood.  Here's  what  David  Sutphen, 
the  Recording  Industry  Association  of 
America's  vice  president  for  government 
relations,  had  to  say  to  peer-to-peer 
software  vendors  last  week:  "It’s  our 
responsibility  to  protect  our  stuff  by  putting 
digital  rights  management  on  it,  it’s  IT's 
responsibility  to  put  something  in  their 
software,  it's  fconsumer  electronics  companies'] 
responsibility  to  put  something  in  devices,  but 
you  guys  don't  have  any  responsibility, 
that's  fundamentally  wrong." 


Security  for  dummies.  Paul 

Kocher,  president  and  chief  scientist  of 
Cryptography  Research,  chastised  Microsoft  for 
making  its  latest  security  efforts  too  difficult  to 
implement:  "As  a  species,  we're  not  smart 
enough  to  handle  the  complexity  of  this  stuff. 
You  have  to  get  the  complexity  out  of  there." 


for  the  company’s  software  group,  fired  off  the  latest  salvo  last  week,  jumping  on  Sun  tech¬ 
nology  evangelist  Simon  Phipps’ suggestion  at  the  recent  EclipseCon  that  IBM  give  its  Java 
implementation  to  the  open  source  community  IBM  has  for  years  encouraged  Sun  to 
open  source  Java,  and  Smith  took  advantage  of  Phipps’ comment  to  again  push  that  agen- 
da.“Here  is  the  offer:  IBM  would  like  to  work  with  Sun  on  an  independent  project  to  open 
source  Java,”  he  wrote.“IBM  is  ready  to  provide  technical  resources  and  code  for  the  open 
source  Java  implementation  while  Sun  provides  the  open  source  community  with  Sun 
materials,  including  Java  specifications,  tests  and  code."  Sun  did  not  have  an  immediate 
response  to  IBM’s  tossed  gauntlet.The  company  fired  off  its  own  open  letter  on  Java  devel¬ 
opment  recently,  when  it  reiterated  its  decision  not  to  join  the  IBM-backed  development 
efforts  around  the  Eclipse  open  source  platform. 

Microsoft  mulling  pre-Longhorn  release 

■  Microsoft  is  pondering  ways  to  add  features  to  Windows  XP  after  the  release  of  Service 
Pack  2  later  this  year.  The  discussions,  under  the  project  name  Windows  XP  Reloaded, 
could  result  in  an  interim  release  of  Windows  before  Longhorn.  Such  a  release  would  rep¬ 
resent  a  strategy  change  for  Microsoft,  but  not  an  entirely  unexpected  one.  Gart¬ 
ner  analysts  have  predicted  that  Microsoft  would  offer  an  interim  release  of  Windows  to 
placate  customers  who  signed  up  for  its  Software  Assurance  licensing  program,  which 
provides  three-year  contracts  for  software  maintenance  and  upgrades. “We’re  looking  at 
what  our  options  are  in  terms  of  delivering  what  our  development  team  creates  in  terms 
of  new  technologies  to  our  customers,”  says  Greg  Sullivan,  a  Microsoft  product  manager. 
“This  is  not  an  announcement  of  a  second  edition  of  Windows  XP  There  is  a  range  of 
options.” 

AT&T  paints  Wall  Street  a  rosy  picture 

■  AT&T  last  week  reinforced  its  message  of  reducing  costs  while  fighting  to  keep  cus¬ 
tomers  at  the  carrier’s  first  financial  analyst  meeting  in  three  years.  AT&T  Chairman  and 
CEO  David  Dorman  opened  the  day  by  promoting  the  carrier’s  successes  in  process  reme¬ 
diation,  reducing  complexity  and  costs  in  its  network  by  decommissioning  160  legacy  sys¬ 
tems  and  further  head  count  reductions  for  2004.  Like  most  carriers,  it  is  struggling  to  turn 
around  revenue  declines  by  improving  internal  operations.  But  last  month  when  AT&T 
announced  its  fourth-quarter  earnings,  it  was  clear  that  AT&T  also  was  losing  business  cus¬ 
tomers.  Bill  Hannigan,  who  took  the  reins  as  president  in  December,  says  the  carrier  is 
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Business  Service  Management  solutions  from 
BMC  Software®  can.  In  fact,  they  let  you  predict 
critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you 
can  prioritize  IT  management,  investments  and 
resource  allocations  to  optimize  your  business 
performance.  So  you  can  solidly  align  your  IT 
investments  with  strategic  business  goals. 


And  protect  the  delivery  of  vital  business  services 
like  sales,  customer  service,  online  transactions, 
logistics  and  distribution — whatever  is  most 
critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing 
IT  resources  to  let  you  manage  what  matters  from 
a  business  perspective  and  execute  with  precision. 
Find  out  how  at  www.bmc.com/bsm25 


©  2003  BMC  Software  Inc. 


<bmcsoftware 


NetworkWorld 


3/1/04 


News 


Shop  talk:  Factories  embracing  IP 

Manufacturing  conference  highlights  networking's  role  in  linking  factories,  back-end  systems. 


a  BY  PHiL  HOCHMUTH 

CHICAGO  —  Manufacturing 
companies  are  IP-enabling  their 
shops  to  pull  real-time  data  off 
the  factory  floor  and  into  back¬ 
end  databases  and  ERP  systems. 
These  firms  say  the  goal  is  to  drive 
productivity  and  increase  cus¬ 
tomer  satisfaction,  while  lowering 
the  costs  of  network  downtime 
and  waste. 

Myriad  technologies  —  such  as 
industrial  Ethernet,  802.11  and 
radio  frequency  identification 
(RFID)  —  were  on  display  last 
week  at  the  National  Manufactur¬ 
ing  Week  show  to  tackle  those 
issues.  Also  on  tap  were  new  soft¬ 
ware  packages  for  making  better 
use  of  data  collected  from  plants 
and  factories. 

“One  of  our  major  drivers  is  to 
take  data  from  the  infrastructure 
and  relate  it  to  the  business  pro¬ 
cess  in  order  to  lower  costs,”  said 
Greg  Catalano,  senior  staff  consul¬ 
tant  at  Boise  Cascade,  an  Idaho 
manufacturer  of  paper,  timber 
and  plywood  products. 

Boise  Cascade  uses  a  wired  and 
wireless  Ethernet  setup  to  com¬ 
municate  product  status  and 
machine  performance  data  with 
corporate  database,  ERP  and  sup- 
ply-chain  management  systems. 

The  company  is  installing  wired 
Ethernet  and  wireless  802.11- 
based  products  from  Enterasys 
Networks  in  its  plants.  The  wired 
gear  lets  data  be  collected  dir¬ 
ectly  from  factory  equipment  as 
products  are  made.  The  wireless 
LAN  (WLAN)  lets  workers  with 
Wi-Fi-enabled  tablet  PCs  do  real¬ 
time  inventory  and  plant-control 
tasks  in  the  factories. 

Linking  manufacturing  equip¬ 
ment  to  the  data  center  lets  the 
company  track  inventory  more 
effectively,  keeping  customers 
happier. 

Data  collected  from  the  pro¬ 
duction  and  wireless  inventory 
systems  is  sent  to  the  company’s 
PeopleSoft  ERP  system  and 
Oracle  database  applications. 
Web  extranet  software  lets  cus¬ 
tomers  track  orders  from  the  glu¬ 
ing-together  of  plywood  to  truck 
delivery 

“If  we  don’t  get  timber  and 
plywood  in  on  time  to  The 
Home  Depots  and  Lowes  of  the 
world,  there’ll  be  a  backlash,” 
Catalano  said. “They’ll  just  go  to 
the  competitors.” 

“Manufacturers  are  very  con¬ 
cerned  about  the  ability  to  com¬ 


municate  status  in  real  time,”  says 
Robert  Parker,  vice  president  and 
manufacturing  industry  strategist 
for  AMR  Research.  To  that  end 
they  are  spending  more  money. 

Two-thirds  of  large  manufactur¬ 
ers  say  they  plan  to  increase  their 
technology  budgets  this  year, 
according  to  an  AMR  survey  The 
firm  also  predicts  that  manufac¬ 
turers’  enterprise  application 
spending  will  rise  9%  this  year. 

Large  manufacturers  fueling 
this  drive  include  General  Motors, 
which  last  fall  announced  a  plan 
to  convert  all  its  machine  con¬ 
trollers,  robots  and  process-con¬ 
trol  equipment  to  Ethernet/ 
Industrial  Protocol,  a  developing 
standard  for  controlling  tradition¬ 
ally  proprietary-based  manufac¬ 


turing  equipment  via  standard 
network  technology 

“We  wanted  an  Ethernet  imple¬ 
mentation  that  is  open,  readily 
available,  capable  of  real-time 
data  delivery  and  uses  standard 
infrastructure  devices,”  said  Gary 
Workman,  staff  development  en¬ 
gineer  at  GM,  in  a  statement. 

Product  sampler 

Products  at  the  National  Manu¬ 
facturing  Week  show  for  linking 
factory  floor  networks  included 
familiar  names  and  some  indus¬ 
try  niche  companies  offering 
industrial  Ethernet  switches. 

RFID  vendor  Intermec  an¬ 
nounced  the  CV60,  a  Windows- 
based  mobile  computer  that  can 
connect  to  an  802.11-based  net¬ 
work  and  read  RFID  tag  data  from 
equipment  and  inventory  The  PC 
also  supports  Bluetooth,  letting  it 
download  data  and  print  wireless¬ 
ly  The  firm  also  announced  the  IP 


RFID  scanner,  a  handheld  scan¬ 
ning  device  that  can  read  RFID 
tags  or  write  new  data  to  tags. 

PeopleSoft  also  launched  soft¬ 
ware  to  help  manufacturers  uti¬ 
lize  and  manage  RFID  data.  The 
modules  for  its  EnterpriseOne 
ERP  software  let  users  create 
PeopleSoft  systems  that  produce 
and  track  RFID  tags  with  cus¬ 
tomized  product,  origin-location 
and  transaction-time  data. 

Cisco  announced  a  product 
package  aimed  at  manufacturers, 
based  on  versions  of  its  Catalyst 
2900  switches  and  Aironet  Wi-Fi 
access  points,  modified  to  with¬ 
stand  extreme  heat  and  dust  on 
factory  floors. 

Also  displaying  new  products 
was  Wago  Systems,  which  makes 


products  that  convert  communi¬ 
cations  from  programmable  logic 
controllers  (PLC)  —  devices  that 
run  industrial  equipment  —  into 
Ethernet  signals.  Wago  showed  an 
eight-port  hardened  Ethernet 
switch  with  built-in  conversion 
technology  for  transporting  Field- 
bus  protocol  traffic  —  a  legacy 
manufacturing  protocol  —  over 
Layer  2  Ethernet. 

B&B  Electronics  announced  Wi¬ 
Fi  conversion  devices  that  can 
plug  into  serial  ports  on  PLCs.This 
lets  factory  staff  wirelessly  control 
industrial  equipment  that  might 
only  have  been  accessible  from  a 
console  or  workstation  attached 
to  the  machine.  The  company 
says  its  converters  can  be  config¬ 
ured  in  a  wireless  mesh,  allowing 
access  to  nodes  across  a  large 
factory  area. 

Using  IP  networking  in  factories 
is  nothing  new  at  Corrugated 
Supply  a  Chicago  producer  of 


cardboard  and  packaging  materi¬ 
als.  Since  the  mid-1990s,  the  firm 
has  used  an  Internet-based, 
paperless  purchase-order  and 
work-scheduling  system  based 
on  software  produced  in-house. 

Recently,  the  company  up¬ 
graded  to  Cisco  switches,  routers, 
wireless  and  VoIP  gear  in  its  plants 
in  Chicago,  Alabama  and  Wiscon¬ 
sin  for  real-time  plant  monitoring 
and  remote-access  support. 

The  company  uses  a  centralized 
Cisco  CallManager  IP  PBX  to  run 
the  phone  system  in  its  factories 
over  a  VPN.  This  secure  WAN  also 
lets  the  company  centralize  all  its 
data  center  applications,  plant 
monitoring  applications  and  IP 
video  monitoring. 

“We  were  able  to  open  new 
plants  more  efficiently  [in  Ala¬ 
bama  and  Wisconsin]  because 
we  didn’t  have  to  provide  the 
overhead  of  a  phone  system  or 
payroll  or  accounting  systems,” 
said  Dave  Pung,  director  of  infor¬ 
mation  services  at  Corrugated 
Supply 

Ethernet  switches  and  WLANs 
on  the  factory  floors  feed  data 
from  corrugation  machines  into 
the  data  center.  Software  trans¬ 
forms  the  data  into  real-time 
reports,  delivered  to  customers 
over  the  Web.  Managers  in  the 
plants  also  use  Cisco  wireless  IP 
phones  to  stay  connected  while 
roaming  the  facilities. 

The  VPN  also  lets  the  company’s 
supplier  of  industrial  corrugation 
equipment  —  Fosber,  an  Italian 
firm — securely  access  machines. 

“They  can  come  right  in  over 
the  VPN  and  do  upgrades  and 
maintenance”  on  the  machines, 
which  is  a  lot  less  expensive  than 
paying  someone  to  come  from 
Europe,  Pung  said. 

At  Boise  Cascade,  remote 
monitoring  of  machinery  over 
an  IP  network  is  also  a  valuable 
capability. 

“Another  major  goal  is  to  figure 
out  how  to  reduce  waste”  associ¬ 
ated  with  paper  production,  Cata¬ 
lano  said.  Collecting  data  from 
paper-production  machines  lets 
the  company  analyze  perfor¬ 
mance  statistics  and  calculate 
how  to  run  the  machines  more 
efficiently  This  analysis  also  lets 
the  firm  predict  possible  failures 
in  machines  and  do  predictive 
maintenance. 

“These  are  billion-dollar  mach¬ 
ines,”  Catalano  said.  “If  one  goes 
down,  it’s  about  $100,000  per 
hour  of  cost.”B 
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Where  IT  goes 


Manufacturers  are  expected  to  spend  more  than  a  third 
of  their  IT  budgets  maintaining  and  upgrading  network 
and  data  center  hardware  this  year. 
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Double  your  productivity  with  Scan2  technology. 


❖  The  best  way  to  stay  ahead  is  to  double  your 
productivity.  Introducing  Scan2  technology 
Scan2  from  Sharp.  Sharp's  Digital  Imagers  with  Scan2 
technology  are  designed  to  scan  two-sided  documents  in 
a  single  pass. 

Now  your  training  manuals  and  white  papers  can  be 
scanned,  copied,  emailed  and  digitally  distributed  quicker 
than  ever  before. 


In  fact,  it's  115%  faster  than  any  other  product  in  its 
class.  Not  only  is  it  like  having  double  the  help,  it  will  also 
allow  you  to  accomplish  more  tasks,  in  dramatically  less  time. 
Together  with  Sharp's  integrated  network  management 
software  and  security  features,  your  digital  information  is 
safe  and  workflow  is  fully  optimized. 

Visit  sharpusa.com/scan2  or  call  1-800-BE-SHARP  for 
more  information. 


The  AR-M550,  AR-M620  and  AR-M700: 

.  Operate  at  55, 62  and  70  pages-per-minute 
.  Fully  integrated  network  ready  digital  copier/printers 
.  Include  network  management  software  and  document 
filing  capability 


be  sharp 


•  Results  of  Buyers  Laboratory  Inc  Document  Feeding  Speed  tests  (originals  per  minute)  in  22  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers’  competitive  models:  Canon  iR  5000  and  5020.  HP  9055  MFP,  Konica  71 55.  Kyocera  Mita  KM-5530.  Ricoh  Aficio  1055  and  55 1 ,  arid  Toshiba 
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A  true  10G  Ethernet  switch,  but  failover 
tests  raise  resiliency  issues 

■  BY  DAVID  NEWMAN,  NETWORK  WORLD  LAB  ALLIANCE 

an  exclusive  Network  World  lab  test,  Foundry  Networks’  Biglron  MG8  switch 
proved  to  be  one  of  only  two  enterprise  backbone  switches  to  deliver  wire-rate 
throughput  on  all  interfaces  of  its  10G  Ethernet  line  cards.  Plus  it’s  the  only  one 
to  do  so  with  minimal  delay  and  jitter. 


The  MG8,  which  includes  not  only  10G 
Ethernet  interfaces  but  also  a  new  40- 
port  Gigabit  Ethernet  blade,  also  demon¬ 
strated  first-rate,  quality-of-service  (QoS) 
enforcement  capabilities. 

However,  while  the  MG8  lives  up  to  its 
“Mucho  Grande”  moniker  in  terms  of  raw 
horsepower  and  traffic  control,  the  late 
beta  version  Foundry  supplied  of  its  new 
40-port  Gigabit  Ethernet  line  card  has  a 
few  performance  kinks.  More  seriously,  in 
our  failover  tests  while  the  MG8  rerouted 
one  flow  very  fast,  recovery  times  might 
increase  along  with  flow  counts. 

The  vendor  says  a  firmware  upgrade 
due  next  month  will  improve  perfor¬ 
mance  on  its  40-port  card.  Foundry  also 
says  a  larger  switch/router  —  the  Netlron 
40G  —  will  address  the  failover  issue. Late 
next  month  we  plan  to  test  the  upgraded 
40-port  card  and  the  40G  chassis. 

We  used  Spirent’s  SmartBits  to  mea¬ 
sure  the  MG8’s  throughput  and  delay  — 
the  same  way  we’ve  tested  10G  switches 
in  the  past  (see  www.nwfusion.com, 


Company:  Foundry  Networks, 
www.foundrynetworks.com  Cost: 
$182,260  as  tested.  Pros:  10G  cards  have 
line-rate  throughput  and  low  latency; 
excellent  QoS  enforcement.  Cons: 
Scalability  issues  with  failover,  40-port 
1G  cards  are  blocking. 

The  breakdown;  _ 

10G  Ethernet  performance  25%  5 

Gigabit  Ethernet  performance  3 
over  10G  backbone  25%  ! 

QoS  enforcement  25%  5 

Failover  15%  1 

Features  10%  4.5 

TOTAL  SCORE  3.85 


m 


Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently 

subpar 


DocFinders:  9937  and 
9938)  —  in  four  config¬ 
urations: 

•  A  pure  10G  Ethernet 
setup  with  four  inter¬ 
faces. 

•  Between  groups  of 
Gigabit  Ethernet  inter¬ 
faces  exchanging  traffic 
across  a  10G  Ethernet 
backbone. 

•  Within  the  40-port 
Gigabit  Ethernet  line 
card. 

•  Between  the  40-port 
card  and  four  10G 
Ethernet  interfaces  (see 
How  we  did  it,  DocFinder:  9939). 

Foundry’s  best  results  came  during  the 
pure  10G  Ethernet  tests.The  four-port  10G 
Ethernet  module  handled  small,  midsize 
and  large  frames  at  full  10-Gigabit  line 
rate  with  zero  loss  (see  the  throughput 
graph  at  DocFinder:  9940). 

The  MG8  also  delivered  line-rate  perfor¬ 
mance  in  our  basic  backbone  test.  This 
configuration  tests  10G  Ethernet  the  way 
it’s  most  likely  to  be  used  —  as  an  aggre¬ 
gation  technology  for  multiple  Gigabit 
Ethernet  links. 

However,  results  were  less  than  perfect 
in  tests  of  Foundry’s  40-port  Gigabit 
Ethernet  line  card.  The  late  beta  version 
we  tested  forwarded  64-byte  frames  at 
line  rate, but  dropped  256-  and  1,518-byte 
frames  in  some  tests. 

In  our  40-port  full-mesh  tests,  the  card 
delivered  line-rate  throughput  with  short 
frames,  but  throughput  with  256-byte 
frames  was  equivalent  to  96.9%  of  line 
rate.  When  handling  1,518-byte  frames, 
the  MG8’s  new  Gigabit  Ethernet  blade 
maxed  out  at  83%  of  line  rate. 

In  tests  where  the  40-port  Gigabit  Ether¬ 
net  card  exchanged  traffic  with  four  10G 
Ethernet  interfaces  —  which  demon¬ 
strates  how  the  switch  will  perform  as 
part  of  a  10G  Ethernet  backbone  —  the 
MG8  forwarded  64-  and  256-byte  frames 
at  line  rate.  Throughput  for  1,518-byte 
frames  fell  to  the  equivalent  of  40.2%  of 
line  rate. 

The  MG8  put  up  impressive  delay 
and  jitter  numbers,  meaning  delays  will 


not  affect  application 
performance. 

In  the  pure  10G 
Ethernet  tests,  the 
MG8  introduced  de¬ 
lay  of  between  6.8 
and  13.9  microsec, 
depending  on  frame 
length  (see  delay 
graph,  DocFinder 
9941). That’s  compara¬ 
ble  to  those  for  Cisco’s 
10G  Ethernet  blade. 

However,  because  of 
a  configuration  error 
on  our  part,  we  threw 
10  times  as  much  traffic 
at  Foundry’s  switch  as  Cisco’s  when  mea¬ 
suring  latency  Even  under  these  condi¬ 
tions,  the  MG8  kept  delay  low  and  consis¬ 
tent.  Jitter  (delay  variation)  was  a  maxi¬ 
mum  of  2.5  microsec. 

In  delay  tests  of  Gigabit  Ethernet  across 
a  10G  Ethernet  backbone,  a  pair  of  MG8s 
held  up  frames  anywhere  from  18.4  to 
60.2  microsec  for  short  and  long  frames, 
respectively 

Within  a  single  40-port  blade,  average 
delay  ranged  from  7.8  to  24.6  microsec. 
When  moving  traffic  between  the  40-port 
blade  and  10G  Ethernet  interfaces,  delay 
ranged  from  9.3  to  20  microsec. 

Failover  foibles 

Our  failover  tests  measure  the  MG8’s 
ability  to  move  traffic  onto  a  secondary 
link  when  a  primary  link  fails.  Because 
availability  trumps  performance  for 
many  network  professionals,  this  was  an 
important  test. 

Things  began  well  enough.  We  mea¬ 
sured  failover  of  a  single  flow  using 
three  technologies,  and  in  all  cases  the 
switch  redirected  traffic  in  34  msec  or 
less.  That’s  better  than  Foundry’s  first- 
generation  product,  and  slightly  faster 
than  single-flow  numbers  for  Cisco’s 
Catalyst  6500. 

However,  single-flow  measurements 
aren’t  terribly  meaningful  in  an  enter¬ 
prise  context,  where  huge  numbers  of 
flows  might  be  involved.  We  found  that 
Cisco  Catalyst  6500  failover  times  for  1 
million  flows  were  similar  to  those  for 


Foundry  Biglron  MG8 


one  flow. 

We  could  not  test  the  MG8  this  way 
because  it  cannot  hold  a  routing  table 
with  1  million  entries.That’s  hardly  a  fatal 
flaw  given  that  routing  tables  even  at 
large  companies  are  more  on  the  order 
of  1 ,000  entries.  But  we  were  unable  to 
nm  our  test  even  with  1,000  entries.  The 
MG8’s  design  requires  a  new  entry  in  its 
Layer  2  forwarding  table  every  time 
there’s  a  change  in  a  flow’s  Layer-3  rout¬ 
ing  information.  Because  the  MG8  can¬ 
not  forward  traffic  without  a  table  entry 
failover  time  increases  with  the  number 
of  flows  being  failed  over. 

Large  numbers  of  routes  can  disappear 
from  a  backbone  switch/router  for  rea¬ 
sons  beyond  a  corporation’s  control, 
such  as  an  Internet  route  flap.  In  such  sit¬ 
uations,  flow-based  designs  such  as  the 
MG8’s  will  take  longer  to  reroute  traffic 
than  devices  that  “prepopulate”  the  for¬ 
warding  database  as  they  learn  routes. 

Foundry  says  failover  times  haven’t 
been  a  problem  even  for  its  large  enter¬ 
prise  customers. 

Our  QoS  tests  assessed  the  MG8’s  ability 
to  perform  two  types  of  prioritization  at 
once.  The  goal  was  to  see  if  the  MG8 
could  protect  the  higl\-priority  traffic 
while  simultaneously  limiting  low-priori¬ 
ty  traffic  to  no  more  than  2G  bit/sec.  The 
MG8  met  both  QoS  goals. 

Newman  is  president  of  Network  Test,  an 
independent  benchmarking  and  network 
design  consultancy  in  Westlake  Village, 
Calif.  He  can  be  reached  at  dnewman@ 
networktest.com. 
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also  to  Siemon,  which  supplied  all  single-  and 
multimode  fiber  cabling. 
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Compellent  rolls  out 
packaged  storage  array 


■  BY  DENI  CONNOR 

Start-up  Compellent  launched  a  modular 
storage  array  last  week  that  features  inte¬ 
grated  replication,  provisioning,  virtualiza¬ 
tion  and  data-recovery  software  that  lets 
users  license  and  turn  on  the  components 
as  they  need  them. 

The  company  introduced  Storage  Center, 
a  Fibre  Channel,  SCSI  or  Serial  ATA  array 


that  links  to  Windows,  Linux,  NetWare  and 
Unix  servers  and  scales  from  one-half  ter¬ 
abyte  to  more  than  500  terabytes.  Storage 
Center  comes  integrated  with  a  number  of 
applications  including: 

•  Dynamic  Capacity,  which  lets  users  allo¬ 
cate  space  when  data  is  physically  stored. 

•  Dynamic  Progression,  a  package  that 
automatically  moves  data  between  different 

See  Compellent,  page  57 


■  PROFILE: 


COMPELLENT 

Headquarters: 

Eden  Prairie,  Minn. 

Founded: 

March  2002 

Primary 

product: 

Storage  Center  modular  storage  array 

Management 

team: 

CEO  Phil  Soran,  COO  John  Guider  and  CTO  Larry  Aszmann,  all 
formerly  with  Xiotech. 

Funding: 

$23  million  from  Cargil  Ventures,  Crescendo  Ventures  and  El 
Dorado  Ventures. 

Fun  fact: 

Company  name  is  a  combination  of  the  words  "compelling"  and 
"excellent.” 

Alcatel  debuts  wireless  gear 


■  V  OmiUtUM 


Alcatel's  new  OminiAccess  4000  wireless  LAN  switches, 
based  on  the  Airespace  products,  link  with  Alcatel's  net¬ 
work  management  and  security  offerings  and  its  IP  voice 
products. 


■  BY  JOHN  COX 

Alcatel  this  week  plans  to 
round  out  its  enterprise  network 
product  line  with  wireless  LAN 
and  voice  products. 

The  hardware  is  based  largely 
on  third-party  products  that 
have  been  integrated  with 
Alcatel’s  network  management, 
security  and  IP  PBX  offerings. 

“They’re  not  going  to  stomp 
on  the  WLAN  market  [with 
these  offerings],”  says  Joel 
Conover,  principal  analyst  for  enterprise 
infrastructure  at  Current  Analysis.  “The 
real  key  is  that  they  couldn’t  sell  on  an 
end-to-end  basis  without  that  wireless 
component." 

The  new  offerings  are  rebranded  WLAN 
switches  and  access  points  from  Aire¬ 
space,  and  WLAN  VoIP  phone  handsets 
from  Spectralink. 

WLAN  products  include  the  OmniAccess 
1200  thin  access  points,  which  can  support 
either  an  802.1  lb/g  or  802.1  la/b/g  radio. 
They  plug  into  12-  or  24-port  OmniAccess 
WLAN  switches,  which  mount  in  wiring 
closets,  or  into  spare  Ethernet  LAN  ports, 
and  then  use  a  tunneling  protocol  over  the 
IP  net  to  reach  an  OmniAccess  4 102, a  rack¬ 
mounted  appliance  for  data  centers. 

A  management  package  called  the 
OmniVista  Air  Control  System  relies  heavily 
on  Airespace’s  radio  frequency  manage 
ment  software.  Among  other  things,  it  auto¬ 


matically  can  adjust  the  channel  assign¬ 
ments  and  power  levels  of  the  radios  in  the 
access  points. 

The  switches  support  a  range  of  wireless 
security  protocols  and  standards,  such  as 
having  the  necessary  processing  power  to 
support  an  expected  2004  upgrade  to  the 
IEEE  802.1  li  security  standard. 

This  summer,  Alcatel  plans  to  ship  two 
voice-over-WLAN  handsets:  the  Mobile  IP 
Touch  300  for  typical  office  settings;  and  a 
rugged  version,  the  IPTouch  600,  for  indus¬ 
trial  and  similar  settings. 

"They’re  way  out  in  front  of  the  enterprise 
market  with  this  wireless  convergence,” 
Conover  says.“Most  enterprises  are  moving 
toward  convergence  [of  voice  and  data] 
and  then  wireless.” 

The  OmniAccess  4000  series  WLAN 
switches  start  at  $8,250  (the  appliance  ver¬ 
sion  starts  at  $13,685);  the  access  points 
start  at  $400.  ■ 
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How  it  would  work 

Microsoft  last  week  laid  out  a  concept  for  an  e-mail  authentication  service  called  Caller 
ID  for  E-Mail,  which  it  says  would  eliminate  domain  spoofing  and  reduce  spam. 

Business.com 
SMTP  gateway 


User1@Corp.com 


User2@Business.com 


Mail  server 
@Corp.com 


©  Mail  server 
@Business.com 


O  User1@Corp.com 
sends  e-mail  to 
User2@Business.com. 


©  The  Business.com  SMTP  gateway 
supporting  Caller  ID  for  E-mail  determines 
the  purported  responsible  domain  for 
sending  the  message,  Corp.com,  which 
has  registered  the  IP  addresses  of  its 
outgoing  mail  servers  in  the  DNS.* 


0  The  STMP  gateway  queries  the  DNS  for  the  list  of  outbound 
e-mail  servers  at  Corp.com  and  checks  whether  the  IP 
address  on  the  message  matches  an  IP  address  listed  in 
DNS.  If  no  match  is  found,  the  message  has  most  likely 
been  spoofed  and  is  dropped.  If  a  match  is  found,  the 
message  is  delivered  to  User2@Business.com. 


*DNS  is  the  global  distributed  database  that  provides  numerical  IP  addresses  and  other  information  about  Internet  domains. 


Spam 

continued  from  page  1 

Wong,  and  the  Lightweight  MT1 
Authentication  Protocol  (LMAP) 
under  development  at  the  IETF 

The  unifying  premise  of  these 
efforts  is  simple:  Authenticate  the 
sender  of  an  email  using  DNS  as 
a  way  to  thwart  spammers.  Spam¬ 
filtering  providers  such  as  Bright- 
mail  and  Fbstini  use  proprietary 
technology  to  authenticate  sen¬ 
ders.  Yahoo  has  developed  an 
authentication  scheme  using  digi¬ 
tal  signatures  called  DomainKeys. 

But  deploying  a  standard  mech¬ 
anism  for  the  Internet  is  not  with¬ 
out  potential  problems.  These 
challenges  include  the  potential 
for  hits  on  network  performance 
associated  with  checking  every 
e-mail  and  the  need  for  almost 
universal  adoption.  And  there  are 
also  technical  challenges  related 
to  modifications  to  mail  headers 
and  DNS,  the  Internet’s  database 
that  routes  e-mail  and  locates 
Web  pages. 

“It  makes  sense;  it’s  the  right  way 
to  think  about  using  DNS,”  says 
Paul  Mockapetris,  who  created 
DNS  20  years  ago  and  is  now  the 
chief  scientist  and  chairman  of  IP 
address-management  software 
vendor  Nominum.  Technologies 
such  as  radio  frequency  identifi¬ 
cation  (RFID)  and  Enum,  the  in¬ 
ternational  electronic  numbering 
domain  system,  also  use  DNS  for 
similar  look-ups. 

“One  thing  is  ominous,  how¬ 
ever,”  says  Mockapetris,  who  has 
been  touting  DNS  as  a  building 
block  for  these  new  technologies. 
“More  people  are  putting  more 
things  in  DNS  and  it  increases  the 
chances  people  will  try  to  screw 
with  you  by  corrupting  your  DNS 
server’’  He  says  that  makes  DNS 
Security,  which  has  been  a  work 


\  I  / 


■  THIS  WEEK'S  QUESTION: 

Novell  has  been  known 
for  years  as  being  a 
Provo,  Utah  company. 
But  where  are  its 
headquarters  now? 

_l _ _ _ 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fusion  and  enter 
????  in  the  Search  box. 


in  progress  at  the  IETF  for  10 
years,  that  much  more  critical. 

To  underscore  the  challenges 
presented  in  creating  a  standard 
for  authentication  of  e-mail 
senders,  the  IETF  had  no  luck 
with  six  other  specifications  that 
addressed  the  issue.  But  interest  is 
high,  with  more  than  8,000  com¬ 
panies  testing  or  having  imple¬ 
mented  SPF  alone,  including 
AltaVista,  Amazon.com,  AOL, 
Google, SAP  and  Sendmail. “We’ve 
just  started  testing  SPF  we’re  in  an 
experimental  phase  and  we’re 
only  using  it  on  outbound  e-mail,” 
says  AOL  spokesman  Nicholas 
Graham.  “We’re  aware  of  Micro¬ 
soft’s  Caller  ID  proposal  and  wel¬ 
come  it.” 

Sendmail  and  Amazon.com 
also  are  backing  Caller  ID.  Send¬ 
mail  plans  to  add  support  into  its 
open  source  and  commercial 
message  transfer  agents,  and 
Amazon.com  plans  to  add  it  to  its 
messaging  servers. 

Microsoft  added  support  for 
Caller  ID  in  its  Hotmail  e-mail  ser¬ 
vice  last  week  and  plans  to  sup¬ 
port  an  enterprise  implementa¬ 
tion  as  part  of  a  new  Simple  Mail 
Transfer  Protocol  gateway  set  for 
beta  testing  in  May 

Microsoft’s  Caller  ID  specifica¬ 
tion,  like  SPp  works  by  having 
companies  register  the  IP  ad¬ 
dresses  of  their  outgoing  e-mail 
servers  in  DNS.  Currently, only  the 
e-mail  servers  that  accept  incom¬ 
ing  mail  are  registered  in  DNS. 
With  Caller  ID,  a  recipient’s 
e-mail  system  would  verify 
through  DNS  if  the  IP  address 
used  in  the  e-mail  header  of  a 
message  corresponds  with  an 
authorized  server  in  the  domain 
used  in  the  sender’s  message. 

However,  using  DNS  requires 
companies  to  rewrite  TXT  files 
within  their  DNS  servers  to  carry 
the  XML-based  Caller  ID  lists  of 
outgoing  e-mail  servers.  Some 
observers  debate  whether  the 
verbose  nature  of  XML  will  cause 
problems  for  DNS.  There  also  are 
performance  and  scalability 
issues  with  Caller  ID  because 
each  e-mail  has  to  be  opened  by 
the  receiving  e-mail  system  so  the 
header  can  be  read.  The  issue  is 
unique  to  Caller  ID  because  SPF 
reads  only  the  e-mail  address  in 
the  message  and  doesn’t  require 
opening  the  message  or  even 
downloading  it. 

Ron  Moritz,  chief  security  strate¬ 
gist  at  Computer  Associates,  says 
widespread  use  of  DNS  look-up 
would  likely  create  additional 
CPU  processing  demands  on 
mail  servers.“Mail  is  store  and  for¬ 
ward,  and  any  process  that 
changes  this  changes  the  SMTP 


standard,”  he  says.  “Anything  that 
disrupts  the  flow  of  mail  could  be 
a  challenge.” 

In  addition  to  other  DNS  con¬ 
cerns,  users  would  have  to  be 
aware  of  the  “time-to-live”  settings 
on  locally  cached  DNS  records, 
which  could  complicate  the  addi¬ 
tion  or  removal  of  mail  servers 
from  the  network. 

Other  technical  issues  revolve 
around  how  mail  is  delivered, 
especially  services  that  forward 
e-mail,  such  as  Pobox.com, 
where  SPF  co-author  Wong  is 
president  and  CTO.  Forwarding 
services  would  have  to  support 
mechanisms  for  adding  the  orig¬ 
inal  sender’s  IP  address  in  the 
message  header.  There  are  simi¬ 
lar  issues  for  mobile  users,  mail¬ 
ing  lists,  Web  mail  and  out¬ 
sourced  mail. 

“[Caller  ID]  would  require  a  lot 
of  changes.  But  it  would  work  for 
spam,” says  David  Houser, security 
architect  at  Nationwide  Mutual 
Life  Insurance  Company  in  Col- 
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Ever-escalating  e-mail  assaults  threaten 
core  competencies  of  even  the  most 
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umbus.Ohio. 

“The  deployment  issues  don’t 
seem  huge.  The  big  issue  will  be 
developing  critical  mass  and  that 
is  a  political  issue,”  says  Rand 
Wacker,  director  of  product  stra¬ 
tegy  and  planning  for  Sendmail, 
which  develops  open  source  and 
commercial  message  transfer 
agents  that  handle  almost  75%  of 
all  e-mail  traffic. 

Others  say  the  time  it  will  take  to 
reach  that  mass  could  greatly 
deter  adoption. 

“Spam  is  an  issue  today  and 
there  is  good  filtering  available 
today]’ says  Andrew  Lochart,  direc¬ 
tor  of  product  marketing  for 


Postini.  “Caller  ID  sounds  good 
until  you  look  at  the  fine  print, 
and  then  people  ask  how  long 
will  this  take  to  deploy]’ 

Still  others  think  Microsoft’s 
plan  lacks  innovation  and  reveals 
ulterior  motives. 

“What  Microsoft  is  doing  is 
nothing  revolutionary]’ says  James 
Kobeiius,  analyst  with  Burton 
Group.’Jt’s  reverse  DNS  checking. 
Everybody  does  it.” 

He  says  Microsoft  is  playing 
catch-up  but  now  wants  to  sell 
[messaging]  products  to  the  ISPs 
by  having  a  stronger  anti-spam 
product  that  contains  anti-spoof- 
ing  features.  ■ 


RSA 

continued  from  page  1 

available  from  Cisco,  Network  Associates  and  others,  is  seen  as  com¬ 
plementing  signature-based  anti-virus  tools. 

Bill  Gates,  Microsoft’s  chairman  and  chief  software  architect, outlined 
the  “active  protection  technology”  effort  during  a  keynote  address. 

“You  can  really  think  of  this  as  taking  the  notion  of  secure-by-default 
to  the  next  level, ’’said  Gates,  who  along  with  other  Microsoft  executives 
has  been  talking  tough  about  security  for  the  past  two  years  under  an 
initiative  called  Trustworthy  Computing.  “The  system  will  truly  know 
what  actions  are  allowed  for  operating-system  components  and  the 
applications  that  are  running.” 

He  described  how  it  could  help  prevent  the  spread  of  worms  that 
take  advantage  of  unpatched  vulnerabilities  in  Microsoft  applications. 
“For  example,  the  Blaster  worm  caused  the  RPC  service  to  open  a  back 
door  and  download  some  malicious  code  on  the  machine.  In  this  case, 
behavior  blocking  would  recognize  that  this  behavior  is  out  of  the  ordi¬ 
nary  for  the  RPC  service  and  block  it,”  he  said. 

Gates  offered  little  detail  about  how  or  when  the  new  technology 
would  show  up  in  products.  But  analysts  say  they  expect  the  technol¬ 
ogy,  obtained  in  part  through  Microsoft’s  acquisition  last  year  of  start-up 
Pelican  Security,  will  be  in  Windows  client  and  server  software  by  year- 
end.  Microsoft  sources  confirmed  that  is  the  goal. 

Gartner  analyst  John  Pescatore  says  Microsoft’s  effort  to  safeguard 
Windows  networks  via  behavior  blocking  runs  counter  to  the  compa¬ 
ny’s  traditional  way  of  designing  software,  which  “was  always  about 
making  things  easier  for  the  user. ’’That  approach  has  led  to  more  than 

See  RSA,  page  13 
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continued  from  page  12 

its  fair  share  of  holes. 

“To  Microsoft,  it’s  been  foreign  culture  to 
try  and  stop  anything,”  he  says. 

The  biggest  challenge  in  behavior-block¬ 
ing  software  is  making  sure  it  doesn’t 
“keep  good  things  from  happening  too,” 
Pescatore  says. 

Vendors  already  with  behavior-blocking 
technology  seemed  unfazed  by  Gates’ 
pronouncement. 

Avert  Research  Securitya  worm-watching 
group  within  Network  Associates’  McAfee 
division,  last  week  announced  it  will  begin 
issuing  alerts  about  new  software  vulnera- 


aco’s  manager  for  security. 

“We  want  to  get  rid  of  simple  passwords 
completely  Yee  says,  noting  that  reusable 
passwords  not  only  present  higher  risk 
because  they  might  be  shared  or  stolen, 
but  add  management  cost.“We  have  3,000 
to  4,000  password  resets  every  month,” says 
Yee,who  calculates  this  can  reach  $20  per 
help  desk  call. The  SecurlD  dynamic  pass¬ 
words  can  eliminate  the  need  for  pass¬ 
word  changes. 

Separately,  RSA  says  it  is  working  on  an 
RFID  Blocker  Tag,  a  technology  that  would 
prevent  radio  frequency  identification 
readers  from  performing  unwanted  scans 
on  goods  with  RFID  tags  in  them.The  tech¬ 
nology  is  being  developed  with  Massa- 


IlYou  can  really  think  of  this  as  taking  the 
notion  of  secure-by-default  to  the  next  level. 
The  system  will  truly  know  what  actions  are 
allowed  for  operating-system  components 
and  the  applications  that  are  running.  9  9 
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bilities  and  will  add  filtering  safeguards  or 
updates  to  McAfee’s  Entercept  behavior¬ 
blocking  product  if  necessary 

Microsoft’s  heightened  interest  in  behav¬ 
ior  blocking  “validates  these  new  methods 
are  being  required  to  solve  the  problems  of 
today’s  world,”  says  Jeff  Platon,  security 
products  manager  at  Cisco,  which  sells 
behavior-blocking  software  based  on  tech¬ 
nology  obtained  last  year  via  its  Okena 
acquisition. 

RSA  and  Microsoft 

Microsoft  also  has  been  working  with 
RSA  Security  which  introduced  SecurlD  for 
Windows  at  the  show.This  is  authentication 
and  audit  software  for  Windows  2000  and 
XP  that  allows  direct  log  on  to  Windows 
desktops  by  means  of  the  SecurlD  hand¬ 
held  token.  The  token  generates  a  new 
password  every  minute. 

RSA,  which  is  making  SecurlD  for  Win¬ 
dows  available  in  May  designed  the  soft¬ 
ware  so  a  laptop  can  use  dynamic  one 
time  passwords  offline  without  having  to 
be  connected  to  RSA  ACE/Server  6.0  to 
authenticate  the  user.  The  software,  which 
costs  about  $20  per  user,  marks  the  first 
time  RSA  has  designed  a  SecurlD  product 
intended  for  internal  enterprise  use  rather 
than  remote  access. 

ChevronTexaco  already  has  25,000  users 
with  SecurlD  for  remote  access  to  the  San 
Ramon,  Calif.,  company’s  network.  The 
company  plans  to  upgrade  from  an  earlier 
edition  of  ACE/Server  to  Version  6.0  to  give 
SecurlD  dynamic-password  tokens 
to  70,000  users  for  inter¬ 
nal  use  as  well,  says 
Edmund  Yee  ChevronTex- 


chusetts  Institute  of  Technology  professor 
Ron  Rivest,  who  contributed  to  the  devel¬ 
opment  of  the  RSA  public-key  technology 

Also  at  the  show: 

•  IT  security  executives  from  Macro¬ 
media,  McKesson  and  Motorola  joined 
with  security  firm  Foundstone  to  launch 
the  Security  Metrics  Consortium.  William 
Boni,  Motorola’s  chief  information  securi¬ 
ty  officer  and  the  new  consortium’s  chair, 
says  he  envisions  coming  up  with  a  kind 
of  “dash  board”  to  define  security  prac¬ 
tices  and  implementation  approaches 
that  would  help  give  IT  departments  and 
executive  boardrooms  a  better  under¬ 
standing  of  how  security  is  applied  to  reg¬ 
ulatory  requirements,  such  as  the 
Sarbanes-Oxley  Act  or  the  Health  In¬ 
surance  Portability  and  Accountability 
Act,  across  various  industries. 

•  Eleven  security  vendors  banded  to¬ 
gether  to  form  the  Cyber  Security  Industry 
Alliance  (CS1A),  a  nonprofit  advocacy 
group  to  represent  their  policy  views  to  fed¬ 
eral  agencies,  such  as  the  Department  of 
Homeland  Security  and  international  gov¬ 
ernments.  CSIA  is  headed  by  executive  { 
director  Paul  Kurtz,  who  recently  served  as 
special  assistant  to  the  president  and 
senior  director  for  critical  infrastructure 
protection  on  the  White  House’s  Home¬ 
land  Security  Council. The  founding  mem¬ 
bers  —  which  pay  anywhere  from  $60,000 
to  $150,000  in  annual  dues  to  have  a  say  in 
policy  views  —  include  BindView,  Check 
Paint,  Computer  Associates,  Entrust,  Inter¬ 
net  Security  Systems,  NetScreen  Technolo¬ 
gies,  Network  Associates, 
PGP  RSA,  Secure  Com¬ 
puting  and  Symantec.  ■ 
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Domain  names 

continued  from  page  1 

.com  address.  But  for  the  last  year,  queries  to  that  address 
have  been  redirected  to  its  .coop  address. 

“We've  had  constantly  escalating  traffic”  Bausell  says.“We 
use  the  .coop  URL  in  every  TV  and  print  ad — We  view 
.coop  as  a  key  differentiator  for  us.” 

Touchstone  Energy  is  not  alone.  Utilities,  credit  unions 
and  agricultural  partnerships  have  purchased  8,200  .coop 
names  from  the  registry  run  by  the  National  Cooperative 
Business  Association.  (Registries  provide  the  back-end 
operations  fora  domain, such  as VeriSign  provides  for 
.com  and  .net.) 

Meanwhile,  British  Airways  and  Los  Angeles  Inter¬ 
national  Airport  are  among  the  airlines  and  airports 
that  have  purchased  4,000  domain  names  ending  in 
.aero. The  International  Spy  Museum  is  one  of  about 
600  owners  of  domain  names  ending  in  .museum. 

Sales  of  specialized  domain  names  are  expected  to 
increase,  and  Internet  regulators  plan  to  select  sever¬ 
al  new  industry-specific  extensions  later  this  year. The 
Internet  Corporation  for  Assigned  Names  and 
Numbers  (ICANN)  has  asked  industry  groups  to  sub¬ 
mit  proposals  for  new,  industry-sponsored  top-level 
domains  by  March  15, and  the  topic  is  on  the  groups 
agenda  at  a  meeting  this  week  in  Rome.  Among  the 
extensions  expected  to  be  proposed  are  .travel, 
.health  and  .union. 

U.S.  businesses  historically  choose  domain  names 
ending  in  .com  or  .net  as  their  primary  Web  address. 

Of  the  60  million  domain  names  sold  worldwide, 
about  half  are  in  the  .com  and  .net  domains.  Domain 
names  are  available  in  260  extensions,  including  242 
country  codes,  14  generic  domains  such  as  .com, 
three  industry-specific  domains  such  as  .coop,  and 
.arpa  for  infrastructure  use  only 

“Our  customers  have  a  continuing  interest  in  .com, 

.net  and  .org,”says  Champ  Mitchell,  CEO  of  Network 
Solutions,  a  leading  registrar  of  domain  names  end¬ 
ing  in  .com,  .net  and  many  other  extensions.  “But  if 
you  look  at  the  growth  curves  over  the  last  two  and  a 
half  years,  the  growth  has  been  in  names  ending  in 
[country  codes] .” 

Multinational  corporations  are  buying  more  names  that 
end  in  country  codes  such  as  be  .de  for  their  German 
operations  and  .uk  for  their  operations  in  the  United 
Kingdom. That  trend  is  likely  to  continue  as  various  coun¬ 
tries,  including  France,  Spain  and  China,  make  it  easier  for 
U.S.  businesses  to  purchase  domain  names  with  French, 
Spanish  or  Chinese  country  code  extensions. 

Meanwhile,  domain  names  that  use  non-English- 
language  characters  are  becoming  available  in  extensions 
such  as  .com  and  .info. Coca-Cola  uses  two  domain  names 
to  market  its  products  in  Korea:  One  is  an  English-language 
domain  name  that  ends  in  the  Korean  country  code  .kr; 
the  other  is  a  Hungol  language  version  of  Coca-Cola  that 
ends  in  .com. 

“The  reason  Coca-Cola  is  doing  this  is  to  address  the 
needs  of  the  local  market,”  says  Ben  Turner,  vice  president 
of  VeriSign’s  naming  and  directory  services  group,  which 
operates  the  .com  and  .net  registries.  “We’re  seeing  more 
multinationals  use  internationalized  domain  names  in 
their  billboards.” 

The  new  specialized  extensions  are  coming  whether  U.S. 
businesses  want  them  or  not. 

“1  see  zero  demand  for  new  domain  names  among 
Fortune  500  U.S.-based  companies,”  says  Bret  Fausett,  a 
domain  name  industry  expert  and  partner  with  law  firm 
Hancock,  Rothert  &  Bunshoft.’They  just  don’t  understand 
what  they  would  do  with  yet  another  domain  name.” 

ICANN  watchers  expect  the  group  to  select  up  to  10  new, 
industry-sponsored  top-level  domains  this  summer. 
Whether  these  extensions  will  gather  broad  support 


remains  to  be  seen. 

ICANN’s  track  record  for  introducing  top-level  domains  is 
spotty  In  2000,  the  oversight  body  added  seven  extensions 
—  .aero,  .biz,  .coop,  .info,  .museum,  .name  and  .pro  —  with 
mixed  results. 

“None  of  them  have  been  terribly  successful,”  acknowl¬ 
edges  Mitchell,  whose  company  offers  names  ending  in 
.biz,  .info  and  .name.  “Renewal  rates  are  weak  on  all  of 
them.” 

Of  the  three  existing  industry-sponsored  top-level 
domains  —  .aero,  .coop  and  .museum  —  the  most  suc¬ 
cessful  has  been  .coop,  with  8,200  names. 


Domain  name  numbers 

Traditional  top-level  domains  .com,  .net  and  .org 
continue  to  outdistance  the  newer  domains  that 
are  having  difficulties  attracting  new  registrants. 

Total  number  of  domain  names  sold  worldwide:  60  million 
Primary  domains  for  U.S.  businesses 


Domain 

Names  sold 

In  use 

Renewal  rate 

.com 

24,320,000 

77% 

55%* 

.net 

6,080,000 

77% 

55%* 

■org 

3,000,000 

70%  * 

70%* 

.info 

1,250,000 

66% 

N/A 

.biz 

1,000,000 

34% 

59% 

.us 

750,000 

28% 

67% 

.name 

150,000 

70% 

70% 

.coop 

8,200 

50% 

61% 

.aero 

4,000 

33.5% 

N/A 

.museum 

646 

50% 

N/A 

.pro 

Not  for  sale  yet 

Other  domains  (including  242  country  codes  besides  .us):  23.2 
million  names 
‘Industry  estimate 


However,  despite  marketing  efforts,  the  .coop  registry  has 
sold  names  to  a  fraction  of  the  750,000  cooperative  busi¬ 
nesses  it  targets  worldwide.  Some  of  the  highest-profile 
cooperatives,  such  as  Ocean  Spray  Cranberries,  have  not 
purchased  .coop  names. 

“There  are  750,000  .coops  in  the  world,  but  lots  of  those 
are  in  developing  countries,”  explains  Paul  Hazen,  presi¬ 
dent  and  CEO  of  the  National  Cooperative  Business  Asso¬ 
ciation,  which  runs  the  .coop  registry  “There  are  100,000 
.coops  in  India,  but  most  of  them  don’t  have  a  Web  site  and 
aren’t  going  to  have  one  any  time  soon.” 

One  difficulty  for  the  registries  that  run  industry-spon¬ 
sored  top-level  domains  is  attracting  registrars  to  sell  their 
names.  The  .coop  registry  has  signed  up  five  of  the  190 
ICANN-accredited  domain  name  registrars  worldwide.  In 
contrast,. info  names  are  available  from  115  registrars. 

“It’s  taken  a  while  for  the  registrar  community  to  take 
sponsored  top-level  domains  seriously  because  we  don’t 
have  big  volumes,”  Hazen  says.  “We  hope  that  ICANN 
comes  out  with  new  sponsored  top-level  domains  so  reg¬ 
istrars  will  see  them  as  a  growing  market.” 

Hazen  says  trade  groups  that  propose  new  domain  name 
extensions  should  be  realistic  about  the  potential  market. 
Because  these  extensions  are  controlled,  no  speculating  is 
allowed.  Legitimate  name  buyers  aren’t  compelled  to  buy 
their  names  in  every  domain  for  protective  purposes 
because  no  one  else  is  allowed  to  do  so. 

“When  we  were  setting  up  our  projections  three  years 
ago,  we  were  wildly  optimistic  about  the 
potential  market  and  how  quickly  it  would 
grow’’  Hazen  says. 


The  first  three  industry-sponsored  top-level  domains  are 
not  very  profitable,  either. The  .coop  registry  lost  money  in 
2002,  its  first  full  year  in  business, and  it  returned  a  profit  of 
$50,000  in  2003. 

“Our  challenge  is  to  generate  enough  cash  flow  to  put 
into  our  marketing,”  Hazen  says. 

Similarly,  SITA,  the  global  aviation  IT  and  telecom  solu¬ 
tions  provider,  has  had  limited  success  with  its  .aero  reg¬ 
istry  SITA  has  sold  4,000  names,  and  about  1,500  of  them 
resolve  to  active  Web  sites. 

The  .aero  registry  uses  the  same  abbreviations  —  such  as 
nw  for  Northwest  Airlines  or  jfk  for  John  F  Kennedy  In¬ 
ternational  Airport  —  that  the  aviation  industry  uses. 

The  .aero  registry  is  testing  new  features  that  would 
let  users  type  in  a  flight  number  with  an  .aero  exten¬ 
sion  and  reach  a  Web  page  that  details  the  flight 
arrival  and  departure  times  for  a  given  day  says  Marie 
Zitkova,  .aero  business  manager  for  SITA. 

“How  many  .aero  names  we  will  sell  depends  on 
what  concepts  and  business  ideas  we  identify 
Zitkova  says.“lf  we  just  sell  them  for  airline  or  aviation 
company  names,  we’ll  be  limited.  But  if  we  find  ways 
to  use  structured  [aero]  domain  names  to  identify 
individual  flights  or  planes  we  might  be  able  to  sell 
tens  of  thousands  or  hundreds  of  thousands  of 
names.” 

If  these  kinds  of  new  applications  gain  ground,  cor¬ 
porations  could  face  hefty  domain  name  registration 
bills  each  year.  Specialized  domain  names  sell  for 
about  $100  per  year,  compared  with  $35  per  year  or 
less  for  generic  names  ending  in  .com,. net  and  .info. 

When  ICANN  approved  its  first  industry-sponsored 
top-level  domains,  the  oversight  body  also  intro¬ 
duced  new  generic  extensions,  including  .biz  for 
small  businesses,  .info  for  informational  Web  sites, 
.name  for  individuals  and  .pro  for  professionals  such 
as  accountants  and  lawyers. 

Of  this  group,  only  .biz  and  .info  have  had  success, 
with  each  selling  more  than  1  million  names.  The 
.pro  registry  has  not  yet  launched,  and  the  .name 
registry  has  sold  about  150,000  names. 

“The  large  corporations  already  had  .com  names. 
Whatever  .biz  and  info  names  they  purchased  were 
mostly  for  defensive  purposes,”  ICANN  watcher  Fausett 
says. 

NeuStar,  which  operates  the  .biz  and  .us  registries,  is 
teamed  with  The  Travel  Alliance  as  the  back-end  registry 
provider  on  its  bid  for  the  .travel  extension.  Richard 
Tindal,  vice  president  of  registry  services  with  NeuStar, 
says  U.S.  companies  will  buy  specialized  names  if  the 
registry  provides  additional  services  beyond  a  Web 
address. 

“What  .travel  is  providing  is  a  whole  authentication 
process  and  a  whole  directory  process,”  Tindal  says.  “As  a 
consumer,  if  you  see  a  .travel  name  you  will  know  you  are 
dealing  with  a  legitimate  travel  association  or  a  legitimate 
travel  agency 

Most  domain  name  registries  and  registrars  want  addi¬ 
tional  specialized  domains,  but  they  are  pushing  ICANN  to 
be  more  innovative. 

“We’re  very  supportive  of  the  introduction  of  new  top- 
level  domains  as  long  as  ICANN  lets  the  market  drive  the 
process,"  VeriSign’s  Turner  says.  “Sponsored  [top-level 
domains]  can  work  as  long  as  ICANN  gives  the  registries 
the  freedom  to  set  up  their  businesses  differently 

“There  is  potential  for  top-level  domains  where  the  end¬ 
ing  itself  has  meaning,  like  .kids,”  Network  Solutions’ 
Mitchell  says. 

“If,  for  example,  ICANN  were  to  put  in  standards  that  the 
content  had  to  be  meant  for  kids  . . .  they  might  find  a 
huge  update.  But  ICANN’s  not  thinking  about  that.  They 
don’t  seem  to  be  very  attuned  to  the  nor¬ 
mal  Internet  user  and  what  will  be  useful  to 
them,”  he  says.  ■ 
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VoIP  to  be  scaled  down, 
untethered  at  VoiceCon 


■  BY  TIM  GREENE  AND  PHIL  HOCHMUTH 

Vendors  this  week  at  VoiceCon  will  intro¬ 
duce  IP  gear  designed  to  give  small  and 
midsize  businesses  sophisticated  voice 
and  data  capabilities  while  converging  all 
their  traffic  on  one  network. 

Companies  such  as  3Com,  Siemens  and 
Teltronics  will  show  phones,  PBXs  and  call 
center  gear  at  the  Orlando  event.  NEC  is 
wheeling  out  a  whole  family  of  voice  gear, 
including  products  to  unwire  IP  phones. 

Siemens  is  scheduled  to  display  HiPath 
ProCenter  Agile,  its  new  contact  center 
platform  that  incorporates  presence  to  give 
agents  more  tools  for  summoning  help 
while  talking  to  customers.  Designed  for 
businesses  with  500  to  5,000  employees, 
the  Agile  software  runs  on  Windows  serv¬ 
ers  in  conjunction  with  Siemens  PBXs, 
both  IP  and  TDM. 

The  Agile  screen  display  for  Windows  XP 


server  to  support  features  including  con¬ 
tact  center,  interactive  voice  response,  uni¬ 
fied  messaging  and  call  accounting.  Prices 
depend  on  the  number  of  phones  sup¬ 
ported.  A  system  with  12  analog  phone 
trunks  and  20  phones  costs  $28,000. 

NEC  is  set  to  debut  a  Session  Initiation 
Protocol  (SIP)-based  IP  PBX  server  called 
Univerge  SV7000,  an  appliance  aimed  at 
organizations  with  up  to  1,500  desktop 
phones.  SV7000  supports  SIP-based  appli¬ 
cations,  such  as  presence,  instant  messag¬ 
ing  and  video,  and  400-plus  features  on 
NEC’s  NEAX  PBX,  according  to  NEC.  By 
using  its  own  protocol  encapsulated  in  SIP 
NEC  says  it  has  boosted  the  number  of  fea¬ 
tures  standard  SIP  supports  from  about  40. 
The  SV7000  costs  $475  per  user,  including 
IP  phones. 

NEC  plans  to  launch  three  wireless  de¬ 
vices:  Univerge  WL  2000  Wireless  Con¬ 
troller,  Univerge  WL  1200  access  points  and 


Contact  center  presence 

Siemens’  new  HiPath  ProCenter  Agile  software  for  contact  centers  uses 
presence  technology  so  call  agents  know  who  is  available  to  help  them 
on  calls  requiring  more  knowledge. 


call-agent  workstations  includes  a  Team 
Bar,  which  is  a  string  of  icons  representing 
personnel  assigned  to  assist  agents  with 
calls.  The  icons  indicate  who  the  people 
are,  their  specialties,  where  they  are  and 
whether  they  are  busy.  Agents  get  the 
option  to  call  a  team  member  on  a  voice 
connection,  share  a  screen  of  customer 
information  or  include  the  team  member 
in  a  conference  call  with  the  customer. 

This  is  the  first  such  presence  feature  on 
a  call  center, says  Ken  Landoline.an  analyst 
who  tracks  the  industry  for  Robert  Frances 
Group.“l  can  see  this  as  useful  for  help  desk 
call  centers  where  you  need  access  to  sub¬ 
ject-area  experts,"  he  says. 

Landoline  says  the  presence  feature 
would  be  more  useful  in  larger  contact 
centers  trying  to  maximize  the  use  of  their 
most  knowledgeable  workers.  Siemens 
says  the  feature  has  been  quietly  intro¬ 
duced  as  a  custom  add-on  to  its  larger  call 
center  products  and  will  be  a  standard 
addition  soon. 

Teltronics  plans  to  announce  Cypreon  IP 
PBX  for  up  to  250  phones.The  PBX  is  mod¬ 
ular,  consisting  of  a  Linux-based  controller, 
a  gateway  to  WAN  connections  and  a 


MH  110  Handsets. 

The  WL  2000  is  a  wireless  LAN  switch  that 
can  provide  Power  over  Ethernet  to  the  WL 
1200  access  points,  balance  the  load 
among  the  access  points  and  handle  chan¬ 
nel  assignment  to  the  access  points.  The 
access  controller  also  supports  roaming. 

The  access  points  support  802. 1  la,  b  and 
g  traffic,  and  impose  quality  of  service  to 
give  priority  to  voice  calls  coming  from  MH 
1 10  IP  handsets.The  IP  handsets  support  all 
call  features  on  an  SV7000  IP  PBX,  accord¬ 
ing  to  the  company 

All  the  new  products  except  the 
phones  are  available  now.  The  phones 
are  expected  to  be  available  by  midyear. 

3Com  plans  to  announce  the  3102 
Business  Phone,  a  SIP-based  handset  that 
works  with  the  vendors  VCX  IP  PBX,  tech¬ 
nology  borrowed  from  3Com’s  now- 
defunct  carrier  Softswitch  business. 

The  phone  is  also  compatible  with 
3Coms  small-  and  midsize-site  NBX  IP  PBX. 
The  phones  support  a  G.723  wideband 
audio  codec,  which  3Com  says  provides 
clearer  voice  than  previous  3Com  IP 
phones.The  phone  is  expected  to  be  avail¬ 
able  March  19  for  $310.B 
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■  IBM  next  month  will  begin  ship¬ 
ping  its  pSeries  690  servers  with 
a  faster,  1.9-GHz  Power4+  processor, 
the  company  says.  Further  out  it 
plans  to  offer  a  new  memory  card 
that  will  double  the  amount  of  mem¬ 
ory  the  high-end  systems  can  sup¬ 
port.  The  p690  is  the  most  powerful 
of  IBM’s  pSeries  line  of  Unix  servers 
and  is  available  in  configurations 
ranging  from  eight  to  32  processors. 
Currently  it  supports  up  to  512G 
bytes  of  memory,  but  on  June  25, 

IBM  will  begin  offering  the  systems 
with  a  new,  128G-byte  dual  in-line 
memory  module  card,  increasing  the 
limit  to  IT  byte,  the  company  says. 
Pricing  for  the  1.9-GHz  p690  systems 
will  start  at  $641,783  for  an  eight-way 
server  with  16G  bytes  of  memory 
and  two  236G-byte  disk  drives.  A  32- 
way  system  with  64G  bytes  of  mem¬ 
ory  will  start  at  slightly  more  than  $2 
million.  Servers  based  on  the  1.9- 
GHz  processor  will  be  available 
March  5,  IBM  says. 

■  Dell  last  week  enhanced  its  server 
roster  for  workgroup,  small  and  mid¬ 
size  businesses.  The  company 

released  the  PowerEdge  700 
tower  server  and  the  750  rack 
server  with  support  for  the  latest 
Pentium  4  processors  from  Intel.  The 
new  processors  are  based  on  Intel’s 
Prescott  core  with  double  the 
amount  of  cache  of  previous 
Pentium  4  chips  and  a  faster  front¬ 
side  bus.  The  servers  are  designed 
for  basic  tasks  such  as  file  and  print 
serving  or  Web  applications,  but 
come  with  a  number  of  features  usu¬ 
ally  found  on  more  expensive 
servers,  the  company  says.  For 
example,  the  servers  support  Dell’s 
remote  management  services  that 
let  them  be  configured  over  the 
Internet.  They  also  come  with  multi¬ 
ple  hard  drives  with  support  for 
RAID  technology  that  lets  users 
remove  and  install  hard  drives  with¬ 
out  having  to  reboot  the  machine. 

The  700  starts  at  $699  with  a  2.4GHz 
Celeron.  The  lU-high  750  rack  server 
starts  at  $949  with  the  same  compo¬ 
nents  but  only  two  PCI  slots. 
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■  VOIP  ■  WIRELESS  NETWORKS 


Site: 

I  Town's 


Lessons  from  leading  users 

VoIP  net  delivers  Amber  alert  system 


■  BY  MICHAEL  COONEY 

Few  incidents  can  raise  com¬ 
munity  angst,  awareness  and 
action  like  a  missing-child 
report.So  when  Herndon, Va., had  a 
chance  to  implement  the  national 
child-abduction  warning  system 
known  as  “Code  Amber”  last  fall,  it 
went  all  out,  converging  its  tele¬ 
com,  e-mail  and  data  networks  into 
a  high-speed  VoIP  environment  to 
support  the  new  application. 

“The  project  could  have  been 
done  without  using  VoIP  but  it 
would  have  been  much  more  com¬ 
plicated  and  costly”  says  Bill 
Ashton,  director  of  IT  for  the  town 
of  Herndon.“What  we  were  looking 
for  was  complete  control  of  the 
environment  from  the  phones  to 
the  switches,  and  we  get  that  with 
See  Amber,  page  18 


Getting  the  word  out 


The  town  of  Herndon,  Va.,  has  implemented  a  high-speed  VoIP  network 
that  will  alert  its  personnel  to  local  missing  children  reports  or  other 
emergencies. 
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CodeAmber.org. 
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Cisco  Call  Manager/ 
Unity  software 


Alerts  are  sent  to  municipal 
employees'  Cisco  IP  phones  in  offices 
or  out  in  the  field. The  phones  ring 
with  a  distinctive  sound  and  display 
text  messages.  Employees  can  call 
up  photos  of  victims. 


Novell  previews  business-continuity  cluster 


■  BY  DENI  CONNOR 

Novell  is  expected  to  announce  a  busi¬ 
ness-continuity  product  this  spring  that  lets 
IT  administrators  cluster  as  many  as  four 
geographically  separate  storage-area  net¬ 
works  to  replicate  and  mirror  data  among 
each  other  for  disaster  recovery. 

In  a  Novell  Business  Continuity  Cluster 
Services  implementation,  IT  administra¬ 
tors  can  link  disparate  SANs  to  fail  over  for 
each  other  when  problems  occur.  The 
cluster  requires  NetWare  6.5,  Novell’s 
eDirectory,  DirXML  and  Novell  Cluster 
Services  1.6. 

Travis  Berkley,  manager  of  LAN  services 
for  the  University  of  Kansas  in  Lawrence, 
has  seen  demonstrations  of  the  clustering 
and  replication  technology 

“We  might  use  this  [product]  for  con¬ 
necting  remote  campuses  we  have  for 
replicating  important  PfeopleSoft  data,” 
Berkley  says. 

“If  you  had  remote  offices  in  various  loca¬ 
tions,  you  could  effectively  replicate  them 
hither  and  yon,”  Berkley  says.’That  way  if  a 


branch  office  went  down, you  could  still  do 
business  from  corporate.”  Berkley  has  a 
Xiotech  SAN  connected  to  Novell  NetWare 
servers. 

The  Novell  Business  Continuity  Cluster 
also  provides  a  less-than-5-minute  Recov¬ 
ery  Time  Objective  (RTO)  and  a  0-second 
Recovery  Point  Objective  (RPO)  that 
depends  on  the  type  of  synchronization 
occurring  between  sites.  RTO  covers  how 
long  a  customer  can  afford  to  be  without 
its  applications  and  data;  RPO  measures 
the  amount  of  data  a  customer  can  afford 
to  lose. 

Data  replication  or  mirroring  is  done 
asynchronously  or  synchronously  across 
ATM,  Fibre  Channel,  IP  or  SONET  net¬ 
works,  depending  on  how  much  the  cus¬ 
tomer  has  to  spend,  the  latency  they  can 
tolerate  and  how  distant  the  sites  are  from 
each  other.lt  works  with  host-based,  appli¬ 
ance-based  or  array-based  replication 
products  from  DataCore,  EMC  or  Veritas 
Software,  among  others. 

The  cluster  is  managed  with  iManager 
snapins,  DirXML  drivers  and  scripts. 


IManager  is  a  Web-based  management 
console  that  lets  administrators  manage 
Novell  eDirectory  and  Novell  products. 

The  Business  Continuity  Cluster  also  uses 
Novell’s  Virtual  IP  Address  technology, 
which  lets  the  IP  addresses  from  different 
network  subnets  be  shared  for  failover 
without  confusion  if  they  already  use  the 
same  IP  addresses. 

A  Virtual  File  System  interface  lets  IT 
administrators  create  scripts  that  affect  the 
systems’  failover.in  the  future, the  product  is 
expected  to  conform  to  the  Storage 
Management  interface  Specification. 

Novell’s  Business  Continuity  Cluster 
Services  is  one  of  the  first  multi-way  clus¬ 
tering  and  replication  products. Other  com¬ 
panies  such  as  EMC, HP  and  IBM  offer  repli¬ 
cation  products  that  replicate  data  from 
one  site  to  another.  Xiotech  offers  n-way 
clustering  with  its  Magnitude  3D. 

Novell  is  looking  for  beta  testers  for  this 
product,  which  Ls  expected  to  ship  in  the 
first  half  of  this  year.  If  interested,  you  can 
apply  at  www.nwfusion.com,  DocFinder: 
9935.  ■ 
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TOLLY  ON 
TECHNOLOGY 

Kevin 

Tolly 


Anyone  who’s  followed  The  Tolly  Group 
for  more  than  a  few  months  knows 
that  IT  vendors  often  ask  us  to  con¬ 
duct  competitive  tests  However,  late  last 
year  we  received  a  request  we’d  not 
received  previously  A  technology  provider 
asked  us  to  run  a  test,  made  public  last 
December,  of  Linksys  vs.  Linksys. 

Strange?  Was  it  Linksys  wanting  to  show 
that  its  new  gear  is  better  than  its  old  gear? 
No.  The  test  was  sponsored  by  a  vendor  of 
the  network  processor  that  went  into  one 
of  the  Linksys  boxes  —  but  not  the  other. 

So  who  won?  Well,  Linksys,  of  course. The 
tests  showed  that  the  Linksys  box  contain¬ 
ing  the  sponsor’s  “core”  achieved  almost 


Testing  against  oneself  -  the  component  wars 


95M  bit/sec  of  throughput,  where  the 
Linksys  box  containing  “Brand  X”  hovered 
just  above  20M  bit/sec. 

More  and  more,  box  vendors  pick  and 
choose  hardware  and  software  compo¬ 
nents  from  multiple  vendors.  In  our  exam¬ 
ple,  boxes  that  retail  for  roughly  the  same 
price,  from  the  same  vendor,  have  a 
throughput  ceiling  that  differs  by  a  factor 
of  four. 

As  a  network  manager,  I  breathe  a  sigh  — 
and  not  a  sigh  of  relief.  I  sigh  because  I  real¬ 
ize  1  can’t  just  pick  a  brand  and  stick  with 
it.  1  can’t  just  expect  that  the  newer  model 
will  perform  better  than  the  older  one. With 
the  possibility  of  the  raw  components  for 
each  successive  model  being  sourced  dif¬ 
ferently  I  don’t  know  what  to  expect. 

Bill  of  materials  (BOM)  cost  differences 
of  a  few  dollars  can  determine  which  com¬ 
ponents  go  into  the  next  generation  of 
gear.  After  all,  many  of  these  items,  such  as 
access  points  and  broadband  routers,  will 


be  manufactured  in  huge  volumes.  Then, 
even  small  BOM  cost  differences  add  up. 

Being  unable  to  rely  only  on  brand  name, 
what  is  a  network  manager  to  do?  Even  if 
one  had  the  time  or  interest  in  knowing  the 
subtleties  of  whose  network  processors 
and  software  stacks  were  used  to  build 
each  device,  finding  that  out  isn’t  easy 

I  don’t  remember  seeing  a  single 
datasheet  (yet)  that  referenced  the  under¬ 
lying  network  processor,  let  alone  the  vari¬ 
ous  software  stacks  involved. 

For  our  tests,  the  only  way  we  could  know 
for  sure  which  network  processor  was 
being  used  was  to  pry  open  the  box 
(which  often  voids  whatever  warranty 
existed)  and  scan  the  markings  on  the 
chips.  Finding  out  the  genesis  of  the  soft¬ 
ware  components  is  often  difficult,  if  not 
impossible. 

And  don’t  expect  the  box  vendors  to 
help.  In  the  industry  it  is  a  well-known  fact 
that  most  vendors  of  low-end  gear  build  lit¬ 


tle  or  none  of  it  themselves  (there  are 
exceptions).  Vendors,  though,  have  no 
interest  in  users  getting  the  impression  that 
their  product  line  is  nothing  but  a  mish¬ 
mash  of  components  of  varying  quality 
from  a  frequently  changing  list  of  vendors. 

End  users  like  to  feel  that  a  given  box 
brand  gives  them  consistency  Our  “Linksys 
vs.  Linksys”  testing  illustrates  that,  even  with 
leading  brands,  that  is  not  the  case. 

So  long  as  users  ignore  this  situation,  the 
box  vendors  will  be  happy  It  is  interesting, 
though,  to  see  that  while  the  box  vendors 
do  very  little  competitive  testing,  their 
component  vendors  are  determined  that 
stark  performance  differences  become  vis¬ 
ible  to  the  public.  If  not  directly  to  the  end 
user,  then  indirectly  to  the  box  vendors. 

Tolly  is  president  of  The  Tolly  Group ,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@toIly.com. 
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Amber 
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our  implementation.” 

In  a  nutshell,  the  fiber-based 
network  is  spread  over  seven 
locations  and  is  anchored  by  12 
Cisco  3550  switches,  four  Cisco 
2950  Catalyst  switches  and  one 
Cisco  6509  switch.  Inside  the 
buildings,  the  network  supports 
200  desktops  linked  to  100M 
bit/sec  LANs,  and  connections 
between  the  buildings  operate 
at  gigabit  speeds, Ashton  says.  All 
the  town’s  200-plus  employees 
have  Cisco  7940  or  7960  IP 
phones. 

Herndon  bought  the  Code 
Amber  system  from  software 
vendor  AAC  and  worked  with 
systems  integrator  Reliable 
Integration  Services  to  imple¬ 
ment  the  project.  Both  compa¬ 
nies  are  based  in  Vienna,Va. 

How  it  works 

According  to  Ashton,  the  sys¬ 
tem  works  as  follows:  the  town 
of  Herndon  network  receives 
alerts  from  CodeAmber.org,  an 
Internet  clearinghouse  for  nat¬ 
ional  missing-child  news.  The 
network  filters  the  alerts 

'rough  a  database  to  cull  infor¬ 
mation  of  interest  to  the 
Herndon  region,  and  news  of 
relevant  cases  are  sent  to 
municipal  employees’  Cisco  IP 
phones. The  phones  ring  with  a 
distinctive  tone  that  sounds  like 
a  siren, and,  within  seconds,  text 


messages  appear  on  the 
phones’  screens.  In  turn,  em¬ 
ployees  can  quickly  call  up  pho¬ 
tos  of  victims  and  suspects,  and 
other  pertinent  information. 

The  idea,  Ashton  says,  is  that 
Herndon  road  crews,  trash  col¬ 
lectors,  building  inspectors  and 
parks-and-recreation  workers 
make  up  a  field  force  frequently 
numbering  six  times  that  of  the 
local  police  force,  so  a  wider 
network  of  people  can  be  on 
the  lookout  for  missing  children. 

Ashton  says  the  system  ulti¬ 
mately  will  push  alerts  to  all 
municipal  employee  desktops 
and  the  town  of  Herndon’s 
external  Web  sites,  for  access  by 
citizens. 

The  Amber  alert  system  is  a 
partnership  between  local 
municipalities,  law-enforcement 
agencies  and  broadcasters  to 
activate  an  urgent  bulletin  in  the 
most  serious  child-abduction 
cases.  According  to  CodeAmber 
.org,  broadcasters  use  the 
Emergency  Alert  System  (EAS) 
to  air  a  description  of  a  missing 
child  and  suspected  abductor. 
The  system  has  grown  in  use 
across  the  US.:0n  Dec.  3 1,2002, 
20,670  Web  sites  displayed  the 
Code  Amber  ticker.  As  of  Dec.  30, 
2003,  more  than  97,000  Web  sites 
and  desktops  were  displaying 
the  Code  Amber  information, 
according  to  CodeAmber.org. 

The  savings 

Aside  from  offering  the  com¬ 
munity  of  Herndon,  which  has  a 
population  of  22,500  and  sits 


about  20  miles  west  of  Wash¬ 
ington,  D.C.,  a  state-of-the-art 
Code  Amber  system,  the  new 
network  has  shaved  about  30% 
off  the  town’s  telecom  costs  by 
eliminating  many  leased-line 
charges,  Ashton  says. 

It  has  saved  in  other  ways  too, 
Ashton  notes. “We  had  eight  dif¬ 
ferent  e-mail  systems,  multiple 
voice  systems  and  a  massive 
phone  bill.  Now  we  can  have  a 
much  more  simplified  and  effi¬ 
cient  environment,”  he  says. 

Specifically  the  town  imple¬ 
mented  Cisco’s  Unity  Unified 
Messaging  software,  which  can 
combine  Cisco  voice  mail  with 
messaging  products  on  one 
screen. 

The  new  infrastructure  also 
has  provided  a  variety  of  other 
applications.  For  example,  the 
town  government  has  launched 
automated  voice  assistance  that 
is  available  to  callers  24  hours  a 
day  Citizens  access  department 
employee  directories,  and  gov¬ 
ernment  colleagues  use  simpli¬ 
fied,  four-digit  dialing  among 
agencies.  Because  voice  and 
data  networks  are  converged, 
registration  for  parks  and  recre¬ 
ation,  and  credit  card  approval 
for  other  government  programs 
can  take  place  more  quickly 
and  outside  regular  business 
hours. 

The  municipality  also  plans  to 
launch  a  system  that  lets  em¬ 
ployees  receive  EAS  alerts  of 
weather  developments  or  terror¬ 
ist  threats  via  telephone  and 
computer.  ■ 


SonicWall  intrusion- 
prevention  service  on  tap 


■  BY  TIM  GREENE 

SonicWall  is  adding  intrusion 
prevention  to  its  IPSec  VPN  and 
firewall  appliances,  offering  users 
a  way  to  protect  small  and  mid¬ 
size  businesses  as  well  as  branch 
offices  from  multiple  security 
threats  using  a  single  device. 

By  midyear,  the  company  will 
introduce  Intrusion  Prevention 
Service,  an  offering  that  consists 
of  installing  and  updating  soft¬ 
ware  that  guards  against  Web- 
based  attacks  of  its  appliances, 
from  small  office/home  office 
boxes  to  1G  bit/sec  gear  for  large 
corporate  sites. 

Customers  sign  up  for  the  ser¬ 
vice,  and  SonicWall  pushes  an  ini¬ 
tial  intrusion-signature  library  to 
the  devices.  As  new  attack  signa¬ 
tures  are  identified,  SonicWall 
adds  these  additional  signatures. 
The  service  ranges  from  $500  per 
year  for  the  low-end  TZ170  appli¬ 
ance,  to  $1,500  per  year,  per 
device,  for  the  PRO  5060  platform. 

Other  vendors,  notably  Check 
Point,  Fortinet  and  NetScreen 
Technologies,  already  have 
added  intrusion  prevention  to 
their  firewall/VPN  products.There 
are  variations  among  what  these 
vendors  offer,  but  each  adds  pro¬ 
tection  beyond  traditional  net¬ 
work-layer  firewalls. 

Multi-function  security  plat¬ 
forms  are  important  for  firms 
that  want  intrusion  prevention 
but  don’t  want  the  burden  of 
managing  separate  hardware 


and  software  dedicated  to  the 
task,  says  Ryan  McConky,  net¬ 
work  engineer  for  medical  Web 
site  WebMD.  For  corporate  sites, 
he  has  worked  out  an  intrusion- 
prevention  platform  of  his  own 
that  is  based  on  Snort  open 
source  intrusion-detection  soft¬ 
ware,  but  it  requires  expertise 
and  time  that  make  it  unsuitable 
for  rolling  out  to  all  WebMD  doc¬ 
tors’  offices.  “Dropping  some¬ 
thing  like  Snort  into  a  doctor’s 
office  would  be  a  nightmare  to 
manage,”  he  says. 

The  eventual  addition  of  intru¬ 
sion  prevention  began  last  year 
when  SonicWall  announced 
improved  hardware  that  had 
more  processing  power  than  it 
needed  to  handle  firewalling 
and  VPNs.  The  plan  was  to  add 
more  applications  such  as  intru¬ 
sion  prevention  and  already- 
announced  anti-virus  and  con¬ 
tent  filtering.  SonicWall  says 
there  is  enough  processing 
power  remaining  for  more  appli¬ 
cations  it  plans  to  add  in  the 
future,  such  as  anti-spam  soft¬ 
ware  and  patch  management. 

SonicWall  acknowledges  that 
its  boxes  cost  more  than  dedicat¬ 
ed  firewall/VPN  gear  that  cannot 
be  upgraded.  It  argues  that  pay¬ 
ing  a  premium  upfront  can  save 
money  down  the  road  if  cus¬ 
tomers  decide  to  add  more  secu¬ 
rity,  such  as  intrusion  prevention. 
The  supplemental  security  can 
be  added  to  the  SonicWall  gear 
incrementally.® 


WHEN  IT  COMES  TO  ITANIUM  SERVERS, 
EVERYONE  ELSE  FOLLOWS. 

introducing  the  fastest,  most  innovative  Itanium  2  servers  from  NEC  Solutions  America. 


When  it  comes  to  Itanium* 2  servers,  no  one  has  more  experience  than  NEC.  NEC's  Express5800/1000  servers 
use  Intel*  CPU  technology  combined  with  NEC's  own  platform  to  create  the  fastest  32-way  Itanium  2  server 
available.  With  the  advanced  processing  power  of  the  Itanium  2  chip,  the  Express5800/1 000  performs  up 
to  30%  faster  than  most  RISC  servers,  yet  it's  about  one-third  of  the  cost.  With  90%  of  the  leading  database 
applications  available  for  Itanium  2,  the  Express5800/1 000  will  also  dramatically  increase  the  performance 
of  your  data  center.  NEC's  Express5800/1 000  delivers  competitive  server  pricing,  high-speed  processing,  and 
high  scalability  across  your  network. 
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Network  certification  choices  grow  with  Cisco 


■  BY  PHIL  HOCHMUTH 

Cisco  certifications,  such  as  Cisco  Certified  Inter¬ 
network  Engineer  and  Cisco  Certified  Network 
Professional,  have  become  sought-after  credentials 
for  most  network  professionals.They  also  are  required  lev¬ 
els  of  competency  that  many  CIOs  and  other  IT  execu¬ 
tives  look  for  when  hiring  staff. 

Some  say  the  slew  of  Cisco  certifications  has  become 
an  alphabet  soup  of  titles,  and  others  add  that  no  piece  of 
paper  outweighs  experience  and  intelligence. 

This  year  marks  the  10th  anniversary  of  Cisco’s  certifi¬ 
cation  and  education  program,  which  started  with  the 
CCIE  examination.  More  than  500,000  Cisco  certifica¬ 
tions  have  been  issued  since  the  program  was  started  — 
that’s  about  one  Cisco-certified  professional  for  every 
four  of  the  approximately  2  million  Cisco  routers 
installed. 

Cisco  is  very  different  than  it  was  10  years  ago,  and  that 
has  caused  the  company’s  training  and  certification  orga¬ 
nization  to  evolve  as  well.  What  started  as  a  test  of  users’ 
knowledge  of  WAN  routers  and  protocols  now  includes 
switching,  security,  wireless,  telephony  and  storage. 

“One  part  of  how  we  approach  our  programs  is  to  look 
at  the  demand,”  says  Don  Field,  senior  manager  of  core 
technologies  for  Cisco’s  Internet  learning  solutions 


I  (Cisco  certification  is 
important.  But  it's 
definitelyjustafootin 
the  door.  9 1 
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group.  He  says  that  as  Cisco  adds  technologies  to  its 
portfolio,  new  certifications  evolve  from  user  and  chan¬ 
nel  partner  demand.  And  while  Cisco’s  certification 
offerings  grow,  some  programs  get  scaled  back.  For 
example, Ciscos  SNA  IP  certification  was  phased  out 
several  years  ago  after  most  corporations  migrated  off 
SNA  networks,  Held  says. 

CCIE  is  the  highest  level  of  Cisco  certification.lt  repre¬ 
sents  “the  upper  echelon  of  networking  experts  world¬ 
wide,”  Cisco’s  Web  site  says. 

“Six  years  ago,  when  first  introduced  stepping-stone 
certifications  to  validate  skills  along  the  way  to  reaching 
the  ultimate  objective  of  being  a  CCIE,”  Field  says.These 
include  the  CCNP  and  Cisco  Certified  Network 
Associate  (CCNA)  certifications.  Each  of  these  levels 
also  has  two  to  four  subsets,  such  as  specializations  in 
routing  and  switching,  security  and  voice. 

Also  available  are  four  paths  for  certification:  design, 
installation  and  support,  security,  and  service  provider 
specialization.  Many  of  these  specialized  certifications 
are  aimed  at  channel  partners,  integrators  and  resellers 


of  specific  products,  and  Cisco  requires  them  to  obtain 
various  levels  of  channel  partner  support  and  status. 

Hiring  weight 

So  how  much  weight  do  all  these  titles  and  certifica¬ 
tions  have  with  users? 

“I  require  certification  of  anyone  I  hire,”  says  Vaas  John¬ 
son,  director  of  network  systems  at  the  Wake  County 
School  District  in  North  Carolina.“Basically  it’s  assur¬ 
ance  for  us  that  the  folks  who  are  doing  configuration 
and  management  of  network  equipment  know  what 
they’re  doing.” 

For  the  school  district’s  network  support,  installation 
and  management  tasks,  the  county  hires  contractors,  who 
are  under  Johnson’s  supervision. The  last  four-year  con¬ 
tract  that  went  out  to  bid  called  for  four  network  engi¬ 
neers,  one  of  them  having  a  CCIE,  with  the  others  re¬ 
quired  to  have  a  CCNA  or  better  level  of  certification. 

“I  was  active  in  getting  that  specific  language  put  in  the 
contracts,”  Johnson  says.“From  the  experience  we’ve  had, 
the  certification  is  very  positive.  It  carries  some  weight 
with  us.  It  demonstrates  proficiency  with  the  equipment 
and  shows  the  ability  to  learn  and  stay  current.” 

For  network  staff  and  administration  professionals,  the 
development  of  lower-level  certifications  has  become  a 
good  way  for  users  to  quantify  and  validate  knowledge 
accumulated  from  years  of  experience  with  Cisco 
equipment. 

Because  no  formal  coursework  is  required  to  take  any 
of  the  certification-related  courses,  users  can  study  and 
take  tests  at  their  own  pace. 

“Most  of  the  stuff  I  already  learned  on  the  job,”  says 
Craig  Cuthbert,  a  network  engineer  at  Sierra  Nevada,  a 
manufacturer  of  aviation  equipment  in  Sparks,  Nev.,  dis¬ 
cussing  the  recent  CCNA  exam  he  took  —  and  passed.“I 
crammed  for  it  in  about  a  week,  then  just  went  in  and 
took  it.” 

Cuthbert  says  he  did  buy  some  books  and  studies,  be¬ 
cause  some  material  in  the  exam  covered  areas  he  does 
not  deal  with  directly  such  as  Layer  3  routing  and  WAN 
protocols. 

He  says  the  tests  are  useful  not  just  for  padding  a 
resume  but  also  for  forcing  users  to  look  at  technology 
areas  that  might  be  outside  what  is  in  front  of  them 
every  day 

On  a  need-to-know  basis 

“In  order  to  get  the  certification, you  need  to  know  it,” 
Cuthbert  says.“It  forces  you  to  know  what  else  is  out 
there  and  not  just  concentrate  on  your  one  little  area  or 
specialty’ 

Although  the  amount  of  certifications  available  are 
good  for  people  interested  in  a  specialty, Wake  County’s 
Johnson  says  he  prefers  certifications  with  a  broad  base 
of  knowledge. 

“It’s  not  helpful  for  management  people  on  making  hir¬ 
ing  decisions,” says  Johnson  of  the  alphabet  soup  of  Cisco 
certifications.'Td  rather  have  someone  with  a  breadth  of 
knowledge.  If  someone  has  a  more  broad  certification, 
that  means  they  have  the  resources  to  get  the  answers 
they  might  need.They  should  be  able  to  figure  it  out  if 
they  have  that  level  of  thinking  talent.” 


Cisco  certification  ABCs 

The  number  of  titles  available  to  users 
interested  in  being  certified  in  various  Cisco 
technologies  has  grown  over  the  years. 

Cisco  Certified  Internetwork  Expert 

The  highest-level  certification,  involving  a  two-hour 
computer-based  test  and  an  eight-hour  hands-on  lab 
test  Less  than  3%  of  users  seeking  the  title  pass  the 
tests.  CCIE  now  offers  several  specializations: 

•  Routing  and  switching. 

•  Security. 

•  Service  provider. 

•  Voice. 

Cisco  Certified  Network  Professional 

This  step  below  CCIE  certifies  journeyman  network 
competency  and  also  has  developed  several  sub¬ 
categories: 

•  Design  Professional:  Certifies  knowledge  of  mid¬ 
size  network  design. 

•  Internetwork  Professional:  Certification  for  service 
provider  professionals. 

•  Security  Professional:  Certification  of  knowledge 
for  securing  Cisco  networks. 

Cisco  Certified  Network/Design  Associate 

Certifies  basic  network  design  and  operational  skills. 

Qualified  specialists 

Cisco  also  now  offers  these  product-focused 
certifications: 

•  Access  routing  and  LAN  switching. 

•  Cable  communications. 

•  Content  networking. 

•  IP  telephony. 

•  Multiservice  switching. 

•  Network  management. 

•  Optical. 

•  Public  access. 

•  VPN  and  security. 

•  Wireless  LAN. 


To  other  IT  executives  with  Cisco-based  infrastructures, 
certifications  are  one  of  many  criteria  for  choosing  staff. 

“Cisco  certification  is  important,” says  Phil  Go,  CIO  of 
construction  company  Barton  Malow  in  Southfield,  Mich. 
“But  it’s  definitely  just  a  foot  in  the  door”  Like  any  form  of 
training  or  education,  a  Cisco  certification  is  considered 
along  with  a  person’s  experience  and  background. 

“The  most  important  thing  is  the  actual  performance, 
the  actual  work  that  someone  has  done  —  whether  that 
person  is  a  [CCIE]  or  not,”  Go  says.There’s  no  substitute 
for  actual  experience.  At  end  of  the  day  it’s  really  the  re¬ 
sults  that  are  being  delivered  by  the  person  and  the  type 
of  value  they  add  the  organization.”  ■ 


and  easily  to  protect  your  critical  data,  with  no  need  to 
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For  more  information  and  to  download  our  White  Paper, 
“Overcoming  Common  Firewall  Limitations,”  visit 
www.lucent.com/better-firewall. 
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Lucent  VPN  Firewall  Brick® 
Models  20,  80  &  1100  shown 
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Developing  a  device  that  connects  the  world.  Testing  the 
water  to  make  sure  it  stays  clean.  Discovering  a  cure  that 
keeps  the  world  safe.  They  all  require  the  same  thing:  the 
right  tools. 

With  Agilent  we  make  sure  you  have  them.  Our  experience 
in  the  fields  of  electronics,  communications,  life  science 
and  chemical  analysis  gives  us  a  unique  perspective 
shared  by  no  other  company  in  the  world.  And  we  build 
that  expertise  into  every  product  we  make,  from  integrated 
test  and  measurement  solutions  to  advanced  technologies 
and  breakthrough  components. 

So  whether  you're  a  titan  of  industry  or  on  the  verge  of 
becoming  one,  trust  the  high-tech  toolmakers  at  Agilent. 


www.agilent.com 


We'll  help  make  you  stronger. 


;.Q;  Agilent  Technologies 


dreams  made  real 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  ■  SECURITY 

■  MIDDLEWARE  ■  DIRECTORIES 

■  NETWORK  AND  SYSTEMS  MANAGEMENT 

■  WEB  SERVICES 


Accellion  to  manage  e-mail  attachments 


Attachment  offload 


Accellion’s  Attachment  3.5  combines  hardware  and  software  to  help 
reduce  network  traffic  and  storage  concerns  created  by  sending 
attachments  in  e-mail. 
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O  User  1  sends  at-  ©  Attachment  is  ©  User  1’s  e-mail  ©  Attachment  is  0  User  2  clicks  on  attach- 

tachment  using  sent  to  the  Accel-  message  is  sent  replicated  be-  ment  link  in  an  e-mail 

Accellion  Attach-  lion  device  on  the  through  the  e-mail  tween  Accellion  and  downloads  the  at- 

ments  3.5  client  network  closest  server,  including  appliances.  tachment  from  nearest 

software.  to  User  1.  link  to  attachment.  Accellion  device. 


■  BY  JOHN  FONTANA 

With  the  proliferation  in  volume  and  size 
of  attachments  taxing  e-mail  systems,  Ac¬ 
cellion  is  introducing  an  updated  version 
of  its  caching  and  management  appliance 
designed  to  boost  network  performance 
and  let  companies  consolidate  servers. 

The  Accellion  Attachments  3.5  offloads 
e-mail  attachments  on  to  a  separate  device 
before  e-mail  moves  over  the  network, 
which  reduces  network  traffic  and  lets 
companies  reduce  the  amount  of  storage 
space  needed  on  e-mail  servers.  With  less 
storage  needed,  companies  can  consoli¬ 
date  more  users  on  fewer  servers. 

Version  3.5,  which  is  compatible  with  Mi¬ 
crosoft  Outlook  and  Lotus  Notes,  includes 
a  fingerprint  feature  that  definitively  links  e- 
mail  and  attachments  to  ensure  compli¬ 
ance  with  regulatory  mandates.  A  harvest¬ 
ing  tool  moves  attachments  stored  in  in- 


■  NetPro  last  week  unveiled  two  tools 
as  part  of  its  plan  to  evolve  from  its 
directory  management  roots  to  pro¬ 
vide  companies  with  software  for 
managing  distributed  infrastructure 
services.  NetPro  introduced  Change- 
Auditor  for  Active  Directory  and 
MissionControl  for  Microsoft 
identity  Integration  Server.  Both 
tools  are  expected  to  ship  in  May. 
NetPro  says  ChangeAuditor  captures 
in  real  time  who  made  changes;  what 
was  changed  including  the  original 
data;  when  the  change  was  made; 
where  the  change  was  made  from; 
and  why  it  was  made.  MissionControl 
for  MIIS  is  Microsoft’s  meta-directory 
technology  and  the  foundation  for 
forthcoming  provisioning  tools.  The 
NetPro  software  gives  a  view  of  the 
meta-directory  and  all  the  connected 
systems  and  lets  users  diagnose  and 
troubleshoot  problems.  The  software 
also  reports  on  configuration  changes, 
monitors  service-level  agreements 
connected  to  MIIS  and  allows  for 
capacity  planning.  NetPro's  Change- 
Auditor  costs  $12  per  user.  Mission- 
Control  for  MIIS  has  not  been  priced. 


boxes  to  the  Accellion  device.  Also  includ¬ 
ed  is  a  bill-back  feature,  which  lets  depart¬ 
ments  track  and  bill  for  usage. 

“So  much  business  is  done  via  e-mail  that 
having  the  ability  to  reduce  network  traffic 
is  keyf  says  Brian  Babineau,  research  ana¬ 
lyst  for  Enterprise  Storage  Group. 

“If  I  can  offload  the  attachments,  I  can 
avoid  costs  on  the  storage  side  and  get  a 
performance  savings  on  the  other  side,”  he 
says.  Babineau  says  attachment  manage¬ 
ment  will  be  a  necessary  feature  to  have  in 
networked  collaboration  products.  For 
instance,  Microsoft  is  adding  archiving  fea¬ 
tures  to  its  instant-messaging  software  Live 
Communications  Server.  Others  such  as 
C2C,  Educom  and  KVS  also  develop 
archiving  software,  but  Accellion  is 
focused  on  managing  attachments. 

A  recent  Osterman  Research  survey 
shows  that  the  increased  use  of  attach¬ 
ments, their  expanding  size  and  the  storage 
requirements  are  some  of  the  most  serious 
problems  facing  corporate  messaging  sys¬ 
tems.  To  address  the  problems,  Accellion 
uses  both  hardware  and  software  as  part  of 
Attachments  3.5.The  hardware  acts  as  stor¬ 
age  points  across  the  network  and  inte¬ 
grates  with  directories  that  support  Light¬ 
weight  Directory  Access  Protocol.  The  di¬ 
rectory  is  used  to  determine  where  users 


■  BY  DENISE  DUBIE 

Two  vendors  recently  upgraded  products 
that  promise  to  help  network  executives 
identify  potential  threats  and  reduce  the 
effects  of  vulnerabilities  on  revenue-gener¬ 
ating  applications. 

Security  information  management  (SIM) 
vendors  Intellitactics  and  OpenService 
separately  released  products  last  week  that 
could  help  users  integrate  security  into 
current  management  and  application  soft¬ 
ware  infrastructure.  The  integration  is  nec¬ 
essary  as  more  government  regulations 
such  as  the  Health  Insurance  Portability 
and  Accountability  Act  and  the  Sarbanes- 
Oxley  act  emerge  and  require  companies 
maintain  an  audit  trail  for  network,  man¬ 
agement  and  security  data. 

“Security  isn’t  just  about  shielding  the 


download  their  attachments. 

The  software  plugs  into  client  interfaces 
and  adds  a  button  to  the  tool  bar  that  lets 
the  user  add  attachments  to  the  e-mail. 


network  from  threats.  It’s  about  account¬ 
ability  as  well,”  says  Rich  Ptak,  president  of 
Ptak,  Noel  &  Associates,  an  analyst  research 
firm.  “Management  personnel  now  more 
than  ever  need  to  document  and  prove 
that  they  have  taken  adequate  steps  to  pro¬ 
tect  their  infrastructure  and  assets.” 

SIM  software  automates  the  collection  of 
event  log  data  from  security  devices,  help¬ 
ing  users  make  sense  of  it  through  a  com¬ 
mon  management  console.  The  products 
use  data-aggregation  and  event-correlation 
features  similar  to  those  found  in  network 
management  software,  and  apply  them  to 
event  logs  generated  by  firewalls,  proxy 
servers,  intrusion-detection  systems  (IDS) 
and  anti-virus  software. 

Specifically,  Intellitactics  unveiled  its 
Network  Security  Manager  (NSM)  5.0, 
See  Security,  page  24 


When  the  e-mail  is  sent,  the  attachment  is 
shipped  to  the  Accellion  appliance  and 
not  to  the  e-mail  server.  A  link  is  added  to 
the  e-mail  and  the  recipient  clicks  on  the 
link  to  download  the  attachment.  Attach¬ 
ments  also  can  be  viewed  in  a  Web  brow¬ 
ser  and  users  can  store  select  attachments 
on  their  hard  drive  separate  from  the  e-mail 
software  for  use  off  line. 

Attachments  3.5  is  for  use  with  internal 
and  outgoing  e-mail  but  will  not  strip 
attachments  from  in-bound  e-mail  from 
external  users. 

“Companies  can  get  five  to  10  times  more 
users  on  a  server  after  stripping  out  attach¬ 
ments,”  says  Yorgen  Edholm,  CEO  of  Ac¬ 
cellion.  “And  back-up  operations  are  faster 
because  you  have  smaller  messages.”  The 
software  also  includes  filters  for  determin¬ 
ing  the  types  and  sizes  of  attachments  that 
Attachments  3.5  will  handle. 

Attachments  3.5  also  supports  compres¬ 
sion  to  ease  file  transfer  and  encryption 
and  Secure  Sockets  Layer  for  secure  trans¬ 
fer  of  files  from  e-mail  clients  and  among 
Accellion  devices. 

The  software  is  available  this  week  and 
is  priced  starting  at  $30  per  client-side 
agent.  The  server  appliance,  which  can 
include  up  to  120G  bytes  of  storage, 
comes  in  three  versions,  the  caching  ver¬ 
sion  costs  $8,000;  the  gateway,  $20,000;  and 
the  controller.  $40,000.  ■ 


Software  helps  battle 
network  security  threats 


3/1/04 


Enterprise  Applications 


’ll  FT 

INSIDER 

Scott 

Bradner 


Yet  another  group  has  seized  on  radio 
frequency  identification  as  the  solu¬ 
tion  to  one  of  its  problems  while  care¬ 
fully  avoiding  even  thinking  about  the  pri¬ 
vacy  aspects.This  time  it’s  the  U.S.Food  and 
Drug  Administration,  which  should  know 
better. 

The  FDA  has  been  concerned  with  the 
potential  problem  of  counterfeit  drugs  for 
quite  a  while.  It  does  not  think  there  is  cur¬ 
rently  too  much  of  a  problem  in  the  U.S. 
(other  than  when  people  buy  their  perfor¬ 
mance-enhancing  and  other  pills  from 
Internet-based  drug  distributors),  but  is 
worried  about  what  the  future  might  bring. 
You  might  have  noticed  that  the  FDA  has 
used  the  potential  of  counterfeit  drugs  as 
one  of  its  main  arguments  against  letting 


Privacy  as  an  afterthought 


people  (and  cities  and  states)  import  drugs 
from  Canada.  This  is  a  big  issue  for  the 
organization. 

The  FDA  created  an  internal  (not  public) 
Counterfeit  Drugs  Task  Force  last  July  to 
look  into  some  aspects  of  the  issue.  After 
holding  some  public  meetings  and  visiting 
various  relevant  sites,  the  task  force  pub¬ 
lished  an  interim  report  in  October.  A  final 
report  was  published  in  mid-February  that 
takes  into  account  comments  the  task 
force  received  during  the  process  (see 
www.nwfusion.com,  DocFinder:  9930). 

The  final  report  explores  and  mostly  dis¬ 
misses  a  number  of  alternative  ways  to 
reduce  the  possibility  that  counterfeit 
drugs  will  reach  consumers  but  then  goes 
all  weak-kneed  about  the  potential  for 
RFID  tags  to  mostly  solve  the  problem. The 
group  does  acknowledge  “there  is  no  sin¬ 
gle  ‘magic  bullet’  technology”  that  will  do 
the  trick,  but  seems  to  forget  that  when  it 
talks  about  how  RFID  can  be  used  to  track 
“all  drugs”  from  producer  to  consumer. 

The  FDA  proposes  to  subject  the  drug 


industry  to  “mass  serialization”  (I’ll  forgo 
referring  to  the  images  that  come  to  mind 
when  I  read  that  term).  The  organization 
wants  to  assign  a  unique  number  to  every 
“pallet, case  and  package” of  drugs, and  use 
that  number  “to  record  information  about 
all  transactions  involving  the  product.”The 
FDA  says  this  “would  allow  each  drug  pur¬ 
chaser  to  immediately  determine  a  drug’s 
authenticity  where  it  was  intended  for  sale 
and  whether  it  was  previously  dispensed.” 
In  other  words,  the  agency  wants  to  create 
a  vast  database  of  the  life  history  of  each 
bottle  of  pills. 

Sadly,  but  not  unexpectedly  the  word  “pri¬ 
vacy"  appears  only  once  in  the  16,000-word 
report.  That  one  reference  reads  “lastly 
stakeholders  will  need  to  ensure  that  they 
comply  with  the  patient  privacy  provisions 
of  the  Health  Insurance  Pbrtability  and 
Accountability  Act.” That  admonition  does 
not  exactly  show  any  real  thought  was 
given  to  the  privacy  ramifications  of  such  a 
database. 

I  expect  few  people  would  be  happy  to 
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know  that  a  full  history  of  all  the  drugs 
they  and  their  family  have  ever  used  will 
be  sitting  waiting  for  the  hacker,  dishonest 
employee  or  insurance  company  to 
peruse  and  publicize.  I’m  not  all  that  sure 
that  the  pharmaceutical  industry  which 
has  voiced  strong  support,  really  wants 
investigators  to  be  able  to  find  out  how  to 
shut  down  the  vast  black  market  in  drugs 
or  to  be  able  to  clamp  down  on  unap¬ 
proved  uses  for  their  products.This  would 
cut  down  significantly  on  their  profits. 

Just  a  terse  listing  of  the  privacy  issues 
with  this  proposal  would  be  longer  than 
the  FDA  report.  I  hope  somehow  the  FDA 
gets  the  message.The  press  has  not;  Google 
News  finds  no  stories  about  this  report  that 
mention  privacy 

Disclaimer:  Harvard  folk  tend  to  be  better 
at  sending  than  getting  messages,  but  the 
above  message  is  mine,  not  the  university’s. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


Security 

continued  from  page  23 

which  now  includes  features  that  deter¬ 
mine  the  potential  threat  of  events  or 
alerts  on  security  devices.  With  customiza¬ 
tion,  the  software  also  can  let  a  network 
manager  know  if  a  security  event  will 
affect  a  specific  application  or  depart¬ 
ment.  The  company  says  its  engineers  in¬ 
corporated  knowledge  about  the  cause  of 
security  alerts  into  the  product  so  that  it 
could  more  quickly  determine  the  cause 
of  threats. 

For  example, if  an  IDS  such  as  Cisco’s  IDS 
4250  appliance  or  Internet  Security  Sys¬ 
tems’  Proventia  A201  generates  an  event, 
NSM  5.0  would  analyze  the  origins  of  the 
alarm,  its  destination  and  potential 
impact,  essentially  narrowing  down  the 
causes  before  it  passes  it  over  to  IT  staff. 

The  release  also  lets  security  managers 
customize  the  level  of  attention  a  secu¬ 
rity  alert  should  garner,  based  on  the 
device  and  the  lines  of  business  it  sup¬ 
ports.  For  example,  for  an  online  retailer, 
an  event  on  the  firewall  in  front  of  an 
ordering  system  might  take  precedence 
over  a  string  of  events  on  an  IDS  box  at 
a  remote  office.  Intellitactics  also  added 
more  storage  capacity  to  NSM  5.0,  which 
the  company  says  provides  space  for 
unaltered  log  files  that  need  to  be  pre¬ 
served  in  order  to  comply  with  regula¬ 
tions. 

NSM  5.0  costs  about  $200,000  for  an 
entry-level  implementation. 

'  leanwhile  OpenService  also  had  busi¬ 
es  in  mind  when  it  upgraded  its  Secur- 
Threat  Manager  (STM)  software.Version 

.0  of  the  company’s  flagship  software  in- 
;des  a  feature  that  evaluates  the  threat 
I'  .  •  of  the  attack,  the  target  of  the  attack 
a  ;  the  effect  on  business  the  attack 
could  have. Other  new  features  include  an 
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escalation  process  that  would  help  secur¬ 
ity  and/or  network  managers  more  quick¬ 
ly  determine  the  next  step  when  a  threat 
arises  or  a  vulnerability  is  detected. 

“The  main  thing  is  when  we  get  an  error 
message  from  a  firewall, we  now  can  react 
quick  enough  and  know  how  to  react,” 
says  Bob  Wrobel,  data  security  manager 
for  Ace  Hardware  in  Oak  Brook,  III. “There 
is  time  associated  with  going  over  logs, 
and  we  didn’t  want  to  be  reactive.” 

Other  new  features  include  enhanced 
vulnerability  assessments  and  improved 
correlation  that  can  tell  security  man¬ 
agers  in  real  time  if  an  event  on  an  IDS 
relates  to  an  event  on  a  firewall  and  to  an 
event  on  a  server,  and  so  on,  the  compa¬ 
ny  says.  Correlating  the  events  would  pre¬ 
vent  multiple  security  administrators 
from  separately  exploring  or  trouble¬ 
shooting  the  events  and  would  speed 
problem  resolution. 

Entry-level  pricing  for  STM  is  $50,000, 
with  the  average  implementation  costing 
about  $100,000  ■ 


IBM,  Nokia  team  to  ease 
business  apps  onto  WLANs 


■  BY  STEPHEN  LAWSON 

IBM  and  Nokia  are  teaming  to  make  it 
easier  for  companies  to  provide  applica¬ 
tions  to  their  mobile  workers. 

Next-generation  Nokia  Communicator 
devices  will  include  Wi-Fi  wireless  LAN 
(WLAN)  capability  and  a  deal  with  IBM 
will  provide  for  smooth  handoffs  of  appli¬ 
cations  between  carrier  and  enterprise 
wireless  networks. 

Corporate  customers  will  be  able  to  write 
applications  using  Java  tools  and  have 
them  run  on  different  kinds  of  networks 
and  even  on  successive  generations  of 
client  devices,  company  executives  say. 

As  Wi-Fi  networks  proliferate  in  corpora¬ 
tions  and  public  places,  and  mobile  opera¬ 
tors  deploy  faster  cellular  data  networks, 
more  capacity  has  become  available  for 
running  enterprise  applications.  However, 
keeping  those  applications  running  while 
moving  among  different  types  of  networks 
is  complicated.  Nokia  and  IBM  aim  to 
make  the  experience  seamless. 

The  technology  is  expected  to  be  avail¬ 
able  in  the  fourth  quarter  when  the  Nokia 
Communicator  9500  hits  the  market.  The 
combination  cell  phone  and  handheld 
computer  from  Nokia  will  be  joined  by 
more  Communicator  devices  in  2005, 
according  to  Nokia. 

The  tri-band  GSM  phone  will  support 
IEEE  802.1  lb  WLANs,  Enhanced  Data  Rates 
for  GSM  Evolution  and  General  Packet 
Radio  Service  for  data  communications.  It 
runs  on  the  Nokia  Series  80  software  plat¬ 
form,  which  is  based  on  the  Symbian  oper¬ 


ating  system. 

Developers  will  be  able  to  use  a  desktop 
Java  Development  Kit  to  extend  their  Java- 
based  applications  to  the  Communicator, 
which  will  come  with  Java  2  Mobile 
Edition  Personal  Profile  runtime  environ¬ 
ment  that  enables  integration  of  middle¬ 
ware,  according  to  the  companies. 

On  the  device,  WebSphere  Everyplace 
Connection  Manager  Client  will  direct  the 
application  to  the  fastest  available  network. 
IBM’s  Lotus  Sametime  Instant  Messaging 
Client  software  will  run  on  the  Commu¬ 
nicator,  so  users  can  keep  in  touch  with 
their  colleagues  wherever  they  are. 

The  network  hand-off  mechanism  could 
let  companies  take  employees’  data  ses¬ 
sions  off  the  mobile  operator’s  paid  net¬ 
work  and  move  them  to  the  free  internal  Wi¬ 
Fi  network  without  making  previous 
arrangements  with  the  mobile  operator, 
says  Eugene  Cox,  directory  of  mobile  solu¬ 
tions  at  IBM. 

In  addition  to  making  applications  avail¬ 
able  on  the  Communicators,  enterprise  cus¬ 
tomers  can  manage  the  devices  with  IBM’s 
Tivoli  Provisioning  Manager  and  Tivoli 
Configuration  Manager,  which  they  also  can 
use  to  manage  desktop  and  notebook  PCs. 

Nokia  says  the  Communicator  9500  will 
sell  for  about  $l,000.The  price  of  IBM’s  soft¬ 
ware  in  the  package  will  depend  on  which 
components  are  used  and  the  size  of  the 
deployment,  according  to  IBM. The  deal  is 
not  exclusive  for  either  partner,  officials  say 

Lawson  is  a  correspondent  with  the  IDG 
News  Service  s  San  Francisco  bureau. 


AT&T  and  MCI  find  common  ground 

Carriers  sign  agreement  ending  dispute  over  calls  routed  through  Canada,  other  disputes. 


■  BY  DENISE  PAPPALARDO 

It  turns  out  it  was  perhaps  just  a  war  of 
words. 

Last  summer  when  AT&T  accused  MCI 
of  routing  calls  through  Canada  to  avoid 
paying  access  fees,  AT&T  tossed  around 
strong  terms  such  as  fraud  and  racketeer¬ 
ing,  and  claimed  lost  revenue  in  the  mil¬ 
lions  of  dollars. 

Last  week,  however,  the  two  carriers 
ironed  out  this  and  a  few  other  outstand¬ 
ing  issues  without  anywhere  near  as 
much  fanfare. 

AT&T  and  MCI  drafted  a  settlement 
agreement  that  was  filed  with  the  U.S. 
Bankruptcy  Court  in  the  Southern  District 
of  New  York.The  carriers  are  seeking  court 
approval  of  the  agreement  that  puts  an  end 
to  call  routing,  local  switched  access  and 
contractual  arguments  between  the  tele¬ 
com  giants.The  court  is  expected  to  hold  a 
hearing  this  week  to  review  the  agreement. 

Experts  have  speculated  that  a  federal 
investigation  into  possible  wrongdoing  by 
MCI  might  fizzle  out  now  that  AT&T  has 
dropped  its  suit,  although  the  Department 
of  Justice  and  FCC  investigations  remained 


Takes 

■  Equant  last  week  announced  two 
global  satellite  services  aimed  at 
keeping  remote  offices  in  far-flung 
regions  connected  to  headquarters. 
The  carriers  Dedicated  Satellite 
Access  service  lets  IP  VPN  cus¬ 
tomers  connect  users,  especially  in 
areas  of  the  world  without  advanced 
telecom  infrastructure.  The  service 
offers  users  the  sameTriple-DES  and 
class  of  service  available  to  landline 
customers  that  connect  to  their  cor¬ 
porate  VPN  via  aT-1  or  frame  relay 
connection.  The  Dedicated  Satellite 
Access  service  is  available  in  band¬ 
width  increments  of  64K  up  to  2M 
bit/sec.  The  service  provider  also 
announced  its  IP  Satellite  Access  ser 
vice,  which  Equant  says  will  be  avail¬ 
able  by  the  end  of  June.  This  is  a 
shared  service  that  lets  users  pay  for 


open  last  week. 

AT&T  called  the  most  public  disagree¬ 
ment  the  “Canadian  Gateway  Project.”  The 
company  accused  MCI  and  its  partner 
Onvoy  of  illegally  routing  calls  through 
Canada  to  avoid  paying  access  fees  to 
AT&T  and  other  carriers. 

The  accusations  were  quickly  followed 
by  a  civil  law  suit  against  MCI  claiming 
fraud  and  racketeering.  MCI  responded 
with  a  motion  urging  the  bankruptcy 
court  to  sanction  AT&T  and  find  it  in  con¬ 
tempt  of  court. 

Experts  speculated  in  August  that  AT&T 
could  have  lost  up  to  $100  million  as  a 
result  of  the  MCI  maneuver. 

MCI  paid  no  restitution  to  AT&T  as  part 
of  the  deal. 

“It  turns  out  it  was  just  a  boldface  attempt 
by  AT&T  to  derail  MCI’s  emergence  from 
bankruptcy’  says  Bryan  Van  Dussen,  direc¬ 
tor  of  telecommunications  research  at  The 
Yankee  Group.“It  didn’t  work.” 

After  AT&T’s  accusations  became  public, 
MCI  halted  all  least-cost  routing  practices, 
according  to  MCI  CEO  Michael  Capellas. 
Although  MCI  says  its  practices  were  legal, 
it  wanted  to  distance  itself  from  the  nega¬ 


64K  bit/sec  worth  of  bandwidth,  but 
burst  up  to  2M  bit/sec  when  needed. 
Equant  says  it  will  deploy  an  Idirect 
NetModem  II  Broadband  Router  at 
each  customer  site  to  support  band¬ 
width  sharing  among  satellite  users. 
Equant  is  teaming  with  global  satellite 
service  provider  Intelsat  to  support 
both  service  offerings.  Equant  would 
not  offer  specific  pricing  information. 

■  Lucent  last  week  announced  an 
agreement  with  Movaz  Networks  to 
jointly  develop  metropolitan  dense 
wavelength  division  multiplexing  sys¬ 
tems  using  Movaz's  DWDM  technolo¬ 
gy.  The  new  systems  will  broaden 
Lucent’s  Metropolis  line  of  metropoli¬ 
tan  optical  products.  Currently, 
Metropolis  metropolitan  DWDM  prod¬ 
ucts  are  targeted  at  large  metropoli¬ 
tan-wide  network  applications.  Movaz 
will  help  extend  the  Metropolis  line  to 
the  network  edge,  where  service 
providers  could  provision  wavelengths 
directly  to  enterprise  customers. 


tive  publicity  they  generated. 

Both  carriers  have  agreed  to  drop  their 
separate  court  actions  three  days  after  the 
court  approves  the  settlement  agreement. 

AT&T  separately  announced  last  week 
that  it  also  settled  its  dispute  with  Onvoy 
over  its  part  in  routing  calls  for  MCI. 
AT&T  says  it  is  keeping  that  agreement 
confidential. 

In  addition  to  the  dispute  over  call  rout¬ 
ing,  the  carriers  have  been  arguing  over 
how  much  each  was  owed  for  telecom 
facilities  and  services.  AT&T  says  MCI  owes 
it  more  than  $100  million  while  MCI  says 
AT&T  owes  it  approximately  $220  million, 
according  to  court  documents.  The  agree¬ 
ment  wipes  away  much  of  those,  except  for 
all  services  that  were  delivered,  but  not 
invoiced,  after  Oct.  10,2003.The  agreement 
says  each  carrier  will  invoice  all  such  ser¬ 
vices  and  pay  the  other  party  in  full. 
Neither  carrier  commented  on  the  signifi¬ 
cance  of  the  Oct.  10  date. 

The  carriers’  Unbundled  Network  Ele¬ 
ment-Platform  (UNE-P)  disagreements  are 
even  more  complicated.  The  motion  says 
there  is  a  “significant  contractual  dispute 
between  AT&T  and  [MCI]”  over  UNE-P 


The  disputes 

There  were  four  main  disagree¬ 
ments  between  the  AT&T  and  MCI: 

•  Amount  owed  based  on 
facilities  and  services  that 
each  carrier  provides. 

•  UNE-P  contractual  dispute 
since  1998. 

•  AT&T’s  racketeering  and  fraud 
claims  against  MCI  regarding 
call  routing  through  Canada. 

•  MCl’s  contempt  of  court  claim 
against  AT&T,  which  says  AT&T 
circumvented  standard 
bankruptcy  court  rules  by  filing 
its  civil  action. 

local  switch  access  provisioning  before 
January  2004,  when  the  carriers  signed  a 
two-year  contract. 

The  motion  stresses  more  that  the  overall 
agreement  “is  the  product  of  extensive 
arm’s  length  negotiations,  is  fair  and  rea¬ 
sonable  under  the  circumstances  and  in  no 
way  unjustly  enriches  [either  carrier] .”  ■ 


Laurel’s  ShadeTree 
software  branches  out 


■  BY  JIM  DUFFY 

Edge  router  maker  Laurel  Networks  last 
week  unveiled  software  that  it  says 
enhances  its  router’s  broadband  and 
Ethernet  service  performance,  and  lets 
service  providers  upgrade  the  system 
without  deactivating  the  network. 

The  company’s  ShadeTree  3.0  software 
runs  on  Laurel’s  ST200  router.  New  fea¬ 
tures  include  L2TP  Network  Server  (LNS) 
for  ISPs  offering  broadband  IP  services; 
Laurel  Instant  Versioning  (LIVE),  a  run¬ 
time  hitless  software  upgrade  capability; 
and  Virtual  Private  LAN  Service  (VPLS)  for 
extending  Transparent  LAN  Services 
across  a  Multi-protocol  Label  Switching 
backbone. 

LNS  works  with  the  broadband  remote 
access  server  software  Laurel  rolled  out 
for  the  ST200  last  year.  LNS  runs  on  exist¬ 


ing  ST200  line  cards  to  support  128,000 
subscriber  sessions  on  10G  bit/sec 
uplinks  —  four  times  the  bandwidth  and 
number  of  sessions  of  competitive  prod¬ 
ucts,  Laurel  says. 

LIVE  enables  real-time  patches  of  por¬ 
tions  of  live  running  code  without  affecting 
system  operation,  Laurel  says.  Service 
providers  can  install  new  diagnostics  and 
implement  unplanned  updates  on  the  run¬ 
ning  system  without  service  interruption  to 
thousands  of  customers  connected  to  a 
single  router.  Typically  routers  need  to  be 
disabled  to  install  patches  or  diagnostics. 

VPLS  adds  a  point-to-multipoint  Ether¬ 
net  service  to  the  ST200’s  existing  point-to- 
point  Ethernet  service  support.  VPLS  can 
be  enabled  on  a  variety  of  access  net¬ 
works  supported  by  the  ST200,  including 
Ethernet, SONET, ATM  or  frame  relay  Laurel 
See  Laurel,  page  28 
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An  IDC  white  paper  summarized  the  five-year  cost  of  ownership  of  a 
Linux  server  environment  compared  to  a  Microsoft"  Windows'  server 
environment  this  way:  Windows  comes  out  lower  in  cost  in  four  out  of 
five  workloads  and  11  to  22  percent  lower  in  cost  overall.  To  get  the  full 
study  or  more  third-party  findings,  visit  microsoft.com/getthefacts 


This  IDC  study  was  conducted  for  Microsoft.  C  2004  Microsoft  Corporation.  All  rights  reserved  Microsoft,  Windows,  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks 
or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


It  happens  all  the  time:  An  application 
runs  poorly.  Application  developers 
point  fingers  at  the  network  engineers; 
network  folks  cast  aspersions  on  the  devel¬ 
opers  —  and  nobody’s  really  sure  of  the 
root  cause. Tracking  down  the  answer  takes 
days,  weeks  or  months  —  with  lines  of  busi¬ 
ness  getting  less  patient  as  the  hours  tick  by 
To  avoid  these  problems  before  they  hit, 
IT  executives  should  think  about  imple¬ 
menting  effective  application  quality  man¬ 
agement  (AQM).That  means  taking  a  big- 
picture  view  of  application  performance, 
deploying  the  right  tools  and  technologies, 
and  engaging  in  operational  and  organiza¬ 
tional  best  practices. 

Some  history:  Fifteen  years  ago,  applica¬ 
tion  performance  was  purely  a  software 
developers  game  and  mostly  involved  tai¬ 
loring  an  application  to  the  mainframe  sys- 


A  blueprint  for  effectively  managing  applications 


tern  it  executed  on.  The  advent  of  client- 
server  computing  in  the  early  1990s 
brought  network  issues  into  the  picture. 
Software  executables  now  were  running 
on  clients  and  servers  linked  by  networks 
whose  performance  characteristics  now 
affected  application  performance.  These 
days,  thanks  to  trends  such  as  virtualiza¬ 
tion,  grid  computing  and  Web  services,  it’s 
often  impossible  to  say  with  certainty 
where  the  executables  physically  reside  — 
which  means  that  understanding  the  inter¬ 
action  between  application  components 
and  the  networks  linking  them  has  gotten 
even  harder. 

Essentially  AQM  requires  taking  a  holistic 
view  of  an  application’s  performance  in 
this  distributed,  virtualized  environment, 
both  across  the  app’s  development  life 
cycle  and  up  through  the  Open  Systems 
Interconnection  (OSI)  seven-layer  stack. 
Tools  and  techniques  required  for  proto¬ 
typing,  capacity  and  planning,  and  quality 
assurance  aren’t  the  same  as  those 
required  for  monitoring,  thresholding  and 
troubleshooting  an  application  already  in 
deployment.  Moreover,  “lower-layer”  OSI 


issues  can  affect  application  performance. 
An  app  might  work  fine  when  running 
alone  over  a  low-latency  high-bandwidth 
LAN,  but  crash  and  burn  when  it’s  com¬ 
bined  with  other  apps  across  a  high-laten¬ 
cy  low-bandwidth  WAN. 

What  are  some  practical  steps  for  imple¬ 
menting  AQM?  First,  IT  executives  should 
consider  application  management  from 
the  get-go. That  means  allocating  time  and 
money  to  answering  the  question,  “How 
will  we  manage  this  application?” —  even 
before  the  design  specifications  are  com¬ 
plete.  Make  sure  design  engineers  under¬ 
stand  the  service-level  agreements  that 
application  delivery  folks  need  to  live  up  to 
—  and  have  them  sign  off  on  them. 

Second,  effective  AQM  requires  multiple 
tools  and  product  suites.  Neither  network 
management  nor  app  management  suites 
are  enough  —  look  to  cover  the  full  spec¬ 
trum  of  infrastructure  and  application 
management.  Products  from  companies 
such  as  Aprisma,  Concord  Communi¬ 
cations,  Micromuse,  Smarts  and  Visual 
Networks  can  provide  insight  into  infra¬ 
structure  component  performance  and 


root-cause  analysis.  Packages  such  as 
those  from  Altaworks,  BMC  Software, 
Empirix  and  IBM  Tivoli  provide  insight 
into  app-layer  performance.  Also  note  that 
certain  tools  are  optimized  for  particular 
points  in  the  application  life  cycle. 
Mercury  Interactive  fits  well  for  capacity 
planning  of  prototypes  for  example,  while 
Network  Associates’  Sniffer  is  an  indis¬ 
pensable  troubleshooting  and  monitoring 
tool  for  deployed  apps. 

Finally  IT  executives  should  seek  to  “de- 
silo-ize”  their  organizations.  Create  an 
application  quality  management  team, 
and  staff  it  with  individuals  who  hold  pri¬ 
mary  responsibility  across  the  spectrum. 
Specifically,  include  individuals  responsi¬ 
ble  for  network  and  server  planning,  de¬ 
ployment  and  management  as  well  as 
those  responsible  for  application  design 
and  rollout.  Ensure  that  these  individuals 
share  responsibility  for  AQM. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Lawmakers  hear  case  for  regulating  VoIP 


II  There’s  no  justification . . . 
for  Congress  deciding  to  give 
telecommunications  companies 
such  a  bonanza,  then  turn  around 
and  send  the  bill  to  governors 
and  to  mayors.  9  9 

Sen.  Lamar  Alexander 

R-Tenn. 


■  BY  GRANT  GROSS 

WASHINGTON,  D.C.  —  A  U.S. 
senator,  a  state  public  utilities 
commission  and  a  telephone 
company  executive  have 
asked  the  FCC  and  Congress 
to  slow  down  their  rush 
toward  declaring  VoIP  service 
essentially  free  from  govern¬ 
ment  regulation. 

Most  members  of  the 
Senate  Commerce,  Science 
and  Transportation  Com¬ 
mittee  called  for  the  “light 
touch”  approach  to  regulat¬ 
ing  VoIP  that  FCC  Chairman  Michael 
Powell  advocated  during  a  hearing  last 
week.  However,  Sen.  Lamar  Alexander  (R- 
Tenn.)  said  efforts  to  exempt  VoIP  from 
telecom  taxes  will  take  money  away  from 
state  and  local  governments. 

Those  governments  across  the  U.S.  cur¬ 
rently  collect  about  $20  billion  per  year  in 
telecom  taxes  and  fees,  and  if  VoIP  is 
exempted  from  those  taxes,  that  number 
will  shrink  as  more  telecom  carriers  and 
more  consumers  switch  to  VoIP  said 
Alexander,  who  participated  in  the  hearing 
as  a  witness.  Exempting  VoIP  from  state 
taxes  would  be  an  “unfunded  mandate” 
from  Congress,  something  the  Republican 
majorities  in  Congress  pledged  to  avoid, 
Alexander  said. 

Some  committee  members  suggested 
x  !P  adoption  would  drive  investment  and 
c  .;  ■  .iision  of  broadband  services  because 
v  .'V  olP  service  is  available  only  over 
•nd,  but  Alexander  questioned  why 
Congress  should  give  broadband  and  VoIP 


special  treatment. 

“There’s  no  justification  ...  for  Congress 
deciding  to  give  telecommunications  com¬ 
panies  such  a  bonanza,  then  turn  around 
and  send  the  bill  to  governors  and  to  may¬ 
ors, "Alexander  said.“If  Congress  really  wants 
to  pick  and  choose  among  American  busi¬ 
ness  enterprises  and  decide  that  high-speed 
Internet  access  business  is  one  we  all  want 
to  subsidize,  then  Congress  ought  to  pay  the 
bill  and  not  send  it  to  the  states." 

Earlier  this  month,  the  FCC  began  a  rule- 
making  process  to  determine  the  appropri¬ 
ate  level  of  regulation  for  VoIP  with  Fbwell 
suggesting  the  emerging  voice  service 
should  be  treated  more  like  unregulated 
Internet  service  than  heavily  regulated  tele¬ 
phone  service. 

Opening  VoIP  to  state  and  local  taxes 
could  mean  VoIP  calls  could  be  taxed 
dozens  of  times  as  they  travel  through  tax¬ 
ing  jurisdictions,  and  could  discourage 
investment  in  VoIP  services, said  committee 
member  Ron  Wyden  (D-Oregon). 


Committee  member  John 
Sununu  (R-N.H.)  said  he  plans 
to  introduce  legislation  within 
weeks  that  would  create  feder¬ 
al  jurisdiction  for  VoIP  regula¬ 
tion,  not  state  or  local  jurisdic¬ 
tion.  Sununu’s  legislation  also 
would  exempt  VoIP  from  state 
and  local  taxes,  as  Internet 
access  was  under  the  tax 
moratorium  that  expired  in 
November. 

VoIP  traffic  should  be  treated 
the  same  as  other  IP  traffic, 
such  as  e-mail,  Sununu 
argued.“If  we  try  to  regulate  or 
legislate,  discriminating  on  the  type  of  data 
that  is  being  sent  over  a  broadband  net¬ 
work  . . .  then  I  think  we  are  headed  down 
the  wrong  path,”  he  said. 

But  others  argued  VoIP  providers  should¬ 
n’t  get  special  exemptions  from  taxes  and 
regulations  that  other  telecom  carriers  must 
deal  with.  Most  VoIP  calls  end  up  on  tradi¬ 
tional  phone  networks  built  by  telephone 
carriers,  and  VoIP  carriers  should  have  to 
pay  access  fees  for  the  use  of  those  lines 
and  pay  into  the  Universal  Service  Fund, 
which  helps  bring  telephone  service  to 
rural  and  poor  areas,  said  Glen  F  Fbst  III, 
chairman  and  CEO  of  telephone  service 
carrier  CenturyTel  of  Monroe,  La. 

“[VoIP  carriers]  should  not  be  allowed  to 
unilaterally  exempt  themselves  from  poten¬ 
tially  billions  of  dollars  in  access  payments 
—  especially  at  the  expense  of  the  telecom 
sector  as  a  whole,”  Fbst  said. 

Gross  is  a  correspondent  with  the  IDG 
News  Services  Washington,  D.C.,  bureau. 


The  softer  side 

Renowned  for  its  hardware, 
Laurel  Networks  has  updated  its 
ShadeTree  router  software  with: 


•  L2TP  Network  Server  — 

a  broadband  remote-access 
feature  specifically  for  ISPs. 

•  Laurel  Instant  Versioning  — 
enables  “hot  patch”  of  running 
code  to  add  diagnostics  or 
implement  fixes. 

•  Virtual  Private  LAN  Services 
—  enables  point^to-multipoint 
Ethernet  services. 


Laurel 

continued  from  page  25  - 

says  this  feature  widens  the  addressable 
market  for  Ethernet  service  deployment. 

Despite  claims  of  competitive  advan¬ 
tage,  Laurel  only  has  a  handful  of  cus¬ 
tomers  —  Dacom,  KT  and  Level  3 
Communications  among  them  —  while 
competitors  Cisco  and  Juniper  add  sev¬ 
eral  new  customers  each  quarter,  ana¬ 
lysts  say.  Also,  Juniper  just  announced  its 
M320  edge  router  and  Tellabs  enhanced 
its  8800  line  (obtained  from  the  Vivace 
Networks  acquisition)  with  VPLS,  so 
Laurel’s  in  for  a  fight. 

“Laurel  has  yet  to  capture  a  measurable 
share  of  the  edge  router  market,”  says  Rolf 
Schonhowd,  a  senior  analyst  at  Current 
Analysis.  Regardless,  “Laurel  has  shown 
itself  to  be  a  [technology]  frontrunner 
among  its  fiercest  competitors,  which  will 
give  the  company  a  competitive  edge 
when  every  major  equipment  vendor  is 
pursuing  this  space.”* 


Look  around  you.  There’s  data  being  created  in  more  places  than  ever  before. 


And  thanks  to  Snap  Appliance  storage  solutions,  no  matter  where  critical  data  exists  or  how 
it  is  generated,  it  will  be  protected.  It  must  be.  It’s  the  reason  why  Snap  is  found  in  so  many 
applications  across  virtually  every  industry.  From  retail  and  banking,  to  government  and  CAD. 
In  fact,  more  than  50%  of  the  Network  Attached  Storage  installations  in  the  world  and  more 
than  half  of  the  Fortune  500  rely  on  Snap  to  protect  their  data.  Because  when  data  is  safe, 
the  future  of  a  company  is  boundless.  1  -888-343-SNAP,  www.snapappliance.com 
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There’s  a  smarter  alternative  to  adding  more  servers:  adding  servers  that  can  do  more.  Like  IBM  eServer™  xSeries® 
systems  —  powered  by  Intel®  Xeon™  processors.  Select  models  let  you  scale  up  (simply)  from  1  to  16  way.  Logical 
partitioning  with  optional  VMware®  software  lets  you  deploy  up  to  80  virtual  servers  and  handle  not  just  one,  but  multiple 
applications  at  once.1  Easily.  How  can  you  thrive  in  the  on  demand  world?  With  xSeries  systems  that  can  do  more.  So 
you  can  do  less.  For  more  info,  download  WhyX,  an  in-depth  guide  to  xSeries  systems  at  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer  xSeries  systems. 


Scale  1-16  way  with  select 

IBM  Director  systems 

Linux-ready  through 

Mainframe-inspired 

24/7/365  optional  onsite 

models.  Pay  as  you  grow. 

management. 

the  entire  line. 

technologies. 

hardware  support / 

@  server 

V - ® 


IBM  eServer  xSeries  systems  are  powered  by 
Intel  Xeon  processors.  (You  can  get  more  when 
you  buy  less.) 


'The  maximum  number  of  virtual  servers  that  can  be  deployed  will  depend  on  the  hardware  specifications  of  the  server.  “Additional  charges  apply  Standard  support  includes  next  business  day  response  in  some 
countries.  IBM.  the  e-business  logo.  eServer.  the  eServer  logo  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel, 
Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names 
may  be  trademarks  or  service  marks  ot  others.  ©  2004  IBM  Corporation.  All  rights  reserved. 
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Masterminding 
the  New 

Data 

Center 


EVENT  SCHEDULE 

NEW  YORK,  NY 
March  30,  2004 
Park  Centra! 

BURLINGAME,  CA 

April  1,  2004 
Hyatt  Regency 
San  Francisco  Airport 

DENVER,  CO 
April  27,  2004 
Adam’s  Mark  Hotel 

SAN  DIEGO,  CA 
April  29,  2004 
Manchester  Grand  Hyatt 


FREE  EVENT  FOR 
QUALIFIED  PROFESSIONALS 


MODERATOR 

Johna  Till  Johnson 


EXPERTISE,  TECHNOLOGY,  AND 
DEMOS  TO  HELP  YOU: 

►  classify,  secure,  audit  and  protect  data 

monitor,  measure  and  manage 
applications 

►  power,  heat  and  cool  next-generation 
data  centers 

manage  data  quality  and  information 
lifecycles 

sirategize  business  continuity  planning 
and  data  recovery  management 


rid,  blade,  utility  or  cluster  computing:  Are  you  about  to  make  a  costly  misstep ?  Storage  virtualization: 

Are  you  ready  for  this  innovative  approach?  Security  solutions:  Are  you  prepared  for  the  latest  threats? 

In  the  storm  to  consolidate  —  servers,  storage,  apps  —  there’s  never  been  a  more  important  moment 
in  the  management  of  data  centers.  And  there’s  never  been  a  Network  World  Event  like  Masterminding  the  New  Data 
Center  to  meet  the  challenge.  Here's  actionable  intelligence  you  can  take  away  and  use  now  to  design,  deploy  and 
manage  your  data  center  to  the  highest  industry  standards. 

You’ll  see  new  technology.  Gain  the  first-ever  results  of  a  Nemertes  Research  benchmark  study.  And  participate  in  a  fast- 
paced,  ask-questions,  get-answers  event  unlike  any  other.  While  attendance  is  free,  access  is  limited  to  professionals  who 
reserve  in  advance.  Register  now.  Reserve  your  place.  And  become  one  of  the  new  masterminds  of  today’s  new  data  center. 

Advance  Reservation  by  Qualified  Professionals  is  Required  for  Complimentary  Attendance 

Register  now  at  www.nwfusion.com/DCS4Al 
or  call  1-800-643-4668 


PLATINUM  PRESENTING  SPONSORS 


GOLD  EXHIBITING  SPONSORS: 


WHO  WILL  BE  THERE? 

Expert  Event  Leaders 

Johna  Till  Johnson,  President,  CRO,  and 
Founder  of  Nemertes  Research 

Sandra  Gittien,  Events  Editor  for 
Network  World 

and  eading  data  center  professionals 

inhiding: 

Network  Managers 
System  ArcH'.ects 
>  IT'  Executives 
>•  CxOs 


'{  is  limited  to  Network  and  IT  professionals  involved 
'  *'}<•  evaluation.  purchase  and  implementation  of  data 
emei  products  ond  services.  Network  World  Events  reserves 
>  rtgr‘  to  deiermine  total  audience  and  profile  of 
ontpU  r  -  r.Utry  attendees.  Paid  registration  is  also  available. 


Legendary  Reliability" 


ms 
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To  join  sponsors  of  this  premier  Network  World  Event,  please  contact  Andrea  D' Amato  at  1 -508-490-6S20  or  adamato@nww.com  for  free,  no-obligation  information. 


www.nwfusion.com 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES 

FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 

SOHO  WLAN  vendors  weigh  value  of  WPA  cert 


Mixed  messages 

The  leading  SOHO  hardware  vendors  square  off  on  Wi-Fi  and  WPA  security 
certification. 


■  BY  TONI  KISTNER 


Strong  security  for  wireless  LANs  is  finally 
here  —  in  the  form  of  Wi-Fi  Protected 


■  2Wire  recently  launched  the 
MediaPortal,  a  software  platform 
that  lets  DSL  providers  offer  satellite 
TV,  DSL  and  entertainment  services 
—  such  as  media  on  demand,  per¬ 
sonal  video  recorder,  music  and 
photo  management,  and  unified  mes¬ 
saging  —  through  one  set-top  box 
and  back-end  management  system. 
MediaPortal  will  let  customers  buy 
digital  content  or  access  streaming 
media  from  the  Internet  via  set-top 
box,  making  it  available  to  multiple 
devices  over  the  home  network.  The 
platform  uses  2Wire's  Component 
Management  System,  which  lets 
providers  diagnose  and  troubleshoot 
technical  issues,  and  remotely  provi¬ 
sion  customized  data,  voice  and 
entertainment  services. 

■  ExpertCity  recently  announced  an 
online  meeting  service.  GoToMeeting 
doesn't  require  client  software  and 
secures  sessions  using  Advanced 
Encryption  Standard.  Participants  can 
join  through  e-mail  or  instant-messag¬ 
ing  applications,  and  access  desktop 
viewing  and  sharing,  keyboard  and 
mouse  control,  and  chat.  Audio  is  avail¬ 
able,  and  administration  tools  provide 
reporting,  tracking  and  access  to 
billing  informat  ion.  Two  versions  of  the 
product  will  be  previewed  in  May: 
GoToMeeting  for  professionals  and 
small  businesses,  and  GoToMeeting 
Corporate  for  firms  requiring  central 
reporting  and  administration  of  multi¬ 
ple  accounts.  ExpertCity  hasn't  an¬ 
nounced  availability,  but  says  it  will 
offer  flat-rate  pricing  as  follows:  GoTo¬ 
Meeting  costs  $75  per  month  with  a 
discount  of  20%  for  an  annual  sub¬ 
scription:  GoToMeeting  Corporate 
costs  $65  per  month,  per  organizer 
(minimum  of  five  organizers:  $65  x  five 
organizers  x  12  months  =  $3,900). 


Access.  Since  June,  the  Wi-Fi  Alliance  has 
certified  more  than  175  products,  meaning 
they  will  interoperate  with  certified  prod¬ 
ucts  from  other  vendors.  However,  many 
products  —  especially  on  the  consumer 
side  —  still  aren’t  getting  tested,  which 
means  WPA  might  fail  to  secure  your 
remote  or  branch-office  network. 

WPA  is  the  specification  the  Wi-Fi 
Alliance  put  forward  in  late  2002  as  an 
interim  replacement  for  the  Wired  Equiv¬ 
alent  Privacy  (WEP)  encryption  standard. 
A  subset  of  the  upcoming  802.1  li  wireless 
security  specification,  WPA  addresses 
WEP’s  weaknesses  by  using  the  Temporal 
Key  Integrity  Protocol  (TKIP)  to  enhance 
data  encryption  and  802. lx  and  EAP 
authentication,  which  relies  on  a  central 
authentication  server  such  as  RADIUS. 

Last  month,  the  Wi-Fi  Alliance  made 
WPA  mandatory  for  Wi-Fi  interoperability, 
a  move  that’s  receiving  a  mixed  response 
from  small  office/home  office  hardware 
vendors. Vendors  test  products  for  interop¬ 
erability  in  their  research  and  develop¬ 
ment  facilities,  and  most  pay  the  Wi-Fi 
Alliance  to  have  their  products  Wi-Fi-certi- 
fied.  However,  there  are  some  exceptions. 

Belkin  blames  bad  timing  for  its  lack  of 
WPA-certified  products.  When  the 
Alliance  announced  WPA  certification 
was  mandatory,  the  company  says  it  had 
just  completed  certifying  all  its  gear  for 
Wi-Fi  interoperability.  Belkin  says  its  prod¬ 
ucts  support  WPA,  and  plans  are  under¬ 
way  to  certify  them.  But  the  company  also 
stresses  that  internal  testing  has  revealed 
no  interoperability  problems.  Similarly, 
SMC  Networks  says  its  wireless  products 
support  WPA  and  all  are  Wi-Fi-compliant. 

But  the  Wi-Fi  Alliance  disagrees.  “SMC 
can’t  support  WPA  unless  [products  have] 
been  certified,”  says  Brian  Grimm,  a 
spokesman  for  the  group.“SMC  is  implying 
its  products  comply  with  the  Wi-Fi  set  of 
testing,  and  that’s  not  correct.  It  could  say 
products  are  802.11b-,  g-  or  a-compliant, 
but  not  Wi-Fi-compliant.” 

The  group  says  WPA  certification  is  cru¬ 
cial,  saying  that  25%  of  products  fail  the 
certification  tests  on  the  first  try.  While 
WPA  is  built  into  the  chips  vendors  use  to 
build  their  products,  changes  made  to  the 
reference  design  board  and  the  way  a 
vendor  integrates  software  and  drivers 
can  cause  it  to  fail. 

“Because  security  either  works  100%  or 
it  doesn’t  work  at  all,  one  of  the  highest 
failure  rates  we  see  in  the  labs  is  for  WPA,” 
Grimm  saysTIt’s  not  like  you  can  just  have 


Linksys 

We  provide  all  the  Wi-Fi-certified  servic¬ 
es  to  our  customers  whether  they  use 
them  or  not.  It’s  important  to  [protect] 
your  WLAN,  whether  at  home  or  the 
office,  with  the  maximum  amount  of 
security  possible.  Some  home  users  do 
use  RADIUS  servers,  and  we  want  to 
make  sure  we  reach  all  our  customers. 


a  little  lower  throughput.” 

Common  problems  seen  in  the  labs  are 
state  machine  errors  that  result  in  an  asso¬ 
ciation  failure,  improper  handling  of 
Message  Integrity  Check  and  failures 
resulting  in  either  attacks  going  undetect¬ 
ed  or  a  system  shutdown.  Also  common 
are  excessively  long  roaming  times,  TKIP 
encryption  errors  resulting  in  devices  fail¬ 
ing  to  associate  and  lack  of  support  for 
multiple  servers. 

The  Wi-Fi  Alliance  offers  certification 
tests  geared  to  enterprise-  and  consumer- 
level  products.  WPA  Enterprise  includes 
the  TKIP  encryption  and  authentication 
server  portions,  while  WPA  Personal 
demands  only  TKIP  encryption  because 
most  consumers  and  small  offices  don’t 
use  authentication  servers.  WPA  Personal 
was  formerly  called  PSK  for  “personal 
shared  key!’ 

Netgear  is  of  two  minds  when  it  comes 
to  WPA  certification.  While  it’s  having  its 
business-class  products  certified  —  two 
802.1  la+g  adapters  and  an  802.1  lg  access 
point  will  be  certified  next  month  —  the 
company  is  hesitant  to  certify  its  con¬ 
sumer  line.  Lianne  Caetano,  a  Netgear 
product-line  manager, says  when  certifica¬ 
tion  testing  was  announced  last  April, 
there  was  no  test  bed  available  for  testing 
consumer  products,  and  at  the  time  its 
customers  “were  barely  using  WEPWe  did¬ 
n’t  want  to  put  full  WPA  in  all  our  prod¬ 
ucts.  It  didn’t  make  sense.” 

However,  the  Wi-Fi  Alliance  says  PSK 
(WPA  Personal)  testing  was  available  from 
Day  One,  but  admits  Netgear  might  have 
had  problems  getting  products  onto  a  PSK 
test  bed  until  recently. This  was  because  of 
the  high  number  of  802.1  lg  products  in 
the  test  queueTLast  fall  we  had  50  people 
wanting  to  certify  802.  Ug  products  tomor- 


Netgear 

We  will  continue  to  produce  standards-based 
products  and  consider  interoperability  im¬ 
portant.  But  we  aren’t  going  to  rush  out  to 
every  test  that  comes  across  our  path  unless 
it’s  in  the  best  interest  of  our  customers. 
Our  enterprise  customers  demand  Wi-Fi 
certification,  but  [our  research  showed  that] 
most  consumers  didn’t  know  what  Wi-Fi  was. 


row;”  Grimm  says.  “In  spite  of  our  best 
efforts,  we  didn’t  have  the  forecasting 
methods  to  really  understand  that.” 

The  group  is  taking  steps  to  improve  the 
testing  process,  which  it  hopes  will  spur 
adoption.  It’s  expanded  capacity  at  its  four 
test  centers  and  has  combined  the  WPA 
and  802.1  lb/g/a  tests  to  cut  test  time  from 
two  days  to  12  hours.  To  address  cost,  the 
group  has  cut  test  fees  from  $5,000  per 
product  per  test  to  $7,500  per  product 
combining  802. 1 1  b/g  and  WPA  tests.  It 
also  offers  a  pre-certification  program  that 
lets  companies  test  their  products  before 
bringing  them  into  the  labs. 

“We  want  to  address  that  25%  failure  rate 
on  the  front  end,” says  Frank  Hanzlik,  man¬ 
aging  director  of  the  alliance. 

Although  Netgear  is  committed  to  certi¬ 
fying  its  business  products,  it  questions  the 
value  of  WPA  on  the  consumer  side.“Our 
decisions  are  customer-driven,  and  our 
customers  are  very  pleased  with  the  levels 
of  security  we  offer  now)’  says  Caetano, 
who  adds  that  changing  the  Service  Set 
Identifier  number  or  turning  off  the  SS1D 
broadcast  is  often  enough  for  them. 

“The  average  hack  into  WEP  takes  six 
hours:  An  expert  can  do  it  in  half  an 
hour,”  she  says.  “The  expectation  is  that 
most  hackers  aren’t  sitting  outside  resi¬ 
dential  areas  trying  to  hack  into  some¬ 
one’s  network.  They’re  trying  to  use  it  to 
get  onto  the  Internet,  not  for  felonious 
reasons.” 

In  contrast,  Linksys  already  has  certified 
11  routers  and  client  devices  that  could 
be  used  with  an  authentication  server  for 
WPA  Enterprise.  The  company  plans  to 
begin  certifying  its  consumer  products  — 
starting  with  media  players  and  game 
adapters  —  using  WPA  Personal  in  the 
coming  months,  fit 


NETSCREEN 


NetScreen,  the  company  protecting  many  of  the  world’s  largest 

enterprises,  now  has  security  built  to  fit  medium  enterprises 
^  Our  complete,  single  vendor  solutions  provide  network 

security  that’s  easily  managed.  Reduces  costs.  And  most 


importantly,  gives  your  network  the  iron-clad 


protection  it  needs  from  today’s  frequent  and 


complex  attacks.  Our  unequaled  solutions 
for  large  financial,  government  and 


■A#  tI  manufacturing  networks  have  made 
us  the  world’s  fastest  growing  major 
network  security  company  over  the  last  two  years 
Now  there’s  no  better  fit  for  your  business. 


Visit  www.netscreen.com/company/ad/iron-clad 


or  call  800-638-8296  to  learn  more 


Deep  Inspection  Firewall  IPSec  and  SSL  VPN  Intrusion  Detection  and  Prevention  Antivirus  j  Central  Management 
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SHAPING  YOUR  NETWORK 


XrML  keeps  content  under  control 


HOW  IT  WORKS  XrML 

Extensible  Rights  Markup  Language  expresses  rights 
and  conditions  for  electronic  content  to  protect  it 
License  server  from  unauthorized  use. 


- ; - EE 

T* 


Content 

server 


Credential 


1  License  server  issues  license  to  content  server  governing  access  to  content  by  users. 

2  License  server  issues  licenses  to  different  applications  governing  the  use  of  content  by  that  application. 

3  Credential  server  issues  credential  licenses  to  users  that  convey  identity  and/or  additional  properties 
such  as  role. 

4  Application  A  and  B  can  have  access  to  the  same  protected  content.  The  use  of  a  single  rights 
language  enables  interoperability. 


■  BY  ARNY  EPSTEIN 

Rights  management  technologies  en¬ 
force  predetermined  rules,  or  policies, 
designed  to  protect  and  control  electronic 
content. They  can  dictate  a  variety  of  vital 
day-to-day  operations  on  content,  ranging 
from  simple  viewing  and  printing  to  edit¬ 
ing  and  sharing.The  proprietary  formats  of 
digital  rights  management  has  made  it  too 
difficult  to  share  content  with  others.  Yet 
many  companies  need  rights  manage¬ 
ment  to  solve  the  dual  challenges  of  regu¬ 
latory  compliance  and  information  leak¬ 
age.  To  succeed,  rights  management  must 
be  able  to  protect  content  in  its  native  for¬ 
mat  and  share  that  information  across  the 
corporation. 

Extensible  Rights  Markup  Language 
(XrML)  is  an  XML-based  language  that 
determines  rights  and  conditions  for  the 
use  of  electronic  content  to  protect  it 
from  unauthorized  use.  XrML  is  slated  to 
become  an  International  Standards  Or¬ 
ganization  standard  this  quarter  as  the 
MPEG-21  Rights  Expression  Language  and 
is  undergoing  a  months-long  standards  re¬ 
view  within  the  Organization  for  the 
Advancement  of  Structured  Information 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


Standards.  Some  vendors  already  include 
XrML  in  word  processing,  publishing,  con¬ 
tent  management  and  other  security  soft¬ 
ware  products. 

XrML  lets  rights  enforcement  software 
outline  access  and  usage  policies  for  dig¬ 
ital  content  in  the  form  of  licenses.  XrML 
licenses  define  who  can  access  the  con¬ 
tent,  and  how  it  is  protected  and  distrib¬ 
uted;  and  it  controls  detailed  usage  rights 
such  as  authorized  printing  and  time- 
based  permissions  to  perform  certain 
operations.  When  an  author  protects  con¬ 
tent,  which  can  be  in  the  form  of  word 
documents,  spreadsheet  data  or  Web- 
based  reports  delivered  in  a  browser  or 
e-mails,  the  content  is  typically  encrypted 


to  prevent  unauthorized  access  or  tam¬ 
pering.  Inside  this  encryption  is  a  license 
or  a  pointer  to  the  license  on  a  policy 
server.  When  a  reader  tries  to  open  the 
document,  the  application  receives  the 
license  from  the  corporate  license  server, 
validates  the  user’s  authorization  and 
enforces  the  usage  privileges  defined  for 
that  user. 

Any  rights-enforcement  software  that 
supports  the  XrML  standard  can  subse¬ 
quently  administer  the  XrML  license. 
What’s  more,  XrML  lets  users  develop 
their  own  rights  to  meet  specific  or 
unique  needs. 

A  standard  rights  language  lets  persis¬ 
tently  protected  content  move  between 


applications  using  cut-copy-paste  fea¬ 
tures.  XrML  provides  access  to  content 
using  content  and  credential  servers, 
which  issue  credential  licenses  to  users 
that  determine  their  identity  and  role. 
When  an  employee  joins  or  leaves  a 
company,  access  to  content  should  be 
provided  or  removed  automatically 
using  XrML  to  communicate  directly  with 
the  necessary  systems. 

There  are  several  approaches  for  binding 
rights  to  content.  Some  implementations 
of  XrML  may  embed  the  rights,  or  license, 
within  the  content.  This  might  be  more 
suitable  for  static  content,  such  as  music, 
whose  rights  do  not  change.  Dynamic  con¬ 
tent  should  have  a  pointer  that  directs  the 
application  to  the  policy  server  to  receive 
the  latest  policy. This  pointer  lets  user  privi¬ 
leges  be  changed  without  republishing  the 
content. 

Today,  XrML  lacks  methods  for  tracking 
and  then  auditing  user  actions  on  pro¬ 
tected  content.  The  earliest  version  of 
XrML,  designed  for  content  publishing, 
simply  needed  to  grant  or  deny  access.  As 
XrML  becomes  more  popular  in  corpo¬ 
rate  environments,  new  versions  of  the 
language  will  need  to  address  this  type  of 
auditing,  and  tracking  will  be  critical  for 
auditing,  compliance  and  governance 
regulations. 

XrML  provides  a  good  start  at  a  common 
structure  for  representing  and  expressing 
rights.  However,  much  work  remains  to 
define  how  rights  are  communicated 
between  policy  servers,  the  actual  content 
and  heterogeneous  applications. 

Epstein  is  CTO  at  Liquid  Machines.  He 
can  be  reached  at  aepstein@liquid 
machines.com. 


Dr.  Internet  By  Steve  Blass 

The  IPv6  protocol  stack  software  that  ships  with 
Windows  2003  and  Windows  XP  (and  the  IPv6  tech¬ 
nology  preview  for  Windows  2000)  configures  net¬ 
work  addresses  automatically  at  start-up.  Can  we 
use  IPv6  on  the  LAN  instead  of  Dynamic  Host  Con¬ 
figuration  Protocol  to  configure  network  inter¬ 
faces  and  keep  LAN  traffic  private  from  the  Inter¬ 
net  without  using  network  address  translation? 

Microsoft’s  IPv6  software  documentation  says  it  is 


not  for  production  use,  but  it  is  a  good  time  to 
begin  IPv6  testing.  Local  link  addresses  are  config¬ 
ured  based  on  a  network  interface  card’s  media 
access  control  address,  so  DHCP  might  not  be 
necessary  in  the  IPv6  LAN.  The  downside  is  these 
addresses  are  easily  spoofed.  IPv4  must  be  in¬ 
stalled  to  use  IPv6.  Win  2003  lets  you  add  IPv6 
through  the  Network  Connections’  properties  dia¬ 
log.  Everything  else  is  done  from  the  command 
line.  On  XP,  use  the  'ipv6  install'  command  for 


installation.  The  command  ‘ipconf ig/all'  displays 
your  IPv4  and  IPv6  addresses.  Use  ‘ping  ::1'  to  ping 
your  local  IPv6  localhost  address.  Pinging  IPv6 
hosts  using  their  128-bit  address  can  be  painful, 
even  in  hexadecimal.  Host  tables  and  DNS  can  be 
used  to  provide  IPv6  name  service.  By  enabling 
Internet  Connection  Sharing,  you  can  use  IPv6  on 
XP  as  a  "6  to  4”  router  to  tunnel  IPv6  traffic  over 
an  IPv4  network.  For  more  information,  go  to 
www.nwfusion.com,  DocFinder:  9936. 
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Cascading  Style  Sheets  (3),  ho-ho! 
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a  K,  we’ve  been  delving  into  Cascading 
Style  Sheets  for  the  last  few  weeks,  so 
iet’s  get  down  and  let’s  get  dynamic 
with  CSS.  And  to  do  this  we  need  to  enter 
the  world  of  dynamic  HTML  (DHTML)  — 
essentially  HTML  manipulated  by  Java¬ 
Script, VBScript  or  any  other  browser  script¬ 
ing  language. 

Before  we  dive  into  that  topic,  we  need  to 
extend  the  concept  of  HTML  tags  to 
include  tags  that  have  no  properties.  The 
reason  this  matters  is  that  all  standard 
HTML  tags  come  with  a  property  set.  But 
those  properties  will  affect  the  presenta¬ 
tion,  and  you  probably  don’t  want  to  have 
to  go  to  the  trouble  of  redefining  them. To 
get  around  this  problem  there  are  two  spe¬ 
cial  tags:  <div>  and  <span>. 

The  division  tag,  <div>,  was  added  in 
HTML  3.2  and  is  much  like  <br>  and  <p>, 
but  where  <p>  creates  a  paragraph  break 
before  the  following  text,<div>  and  <br>  do 
not.  Try  saving  the  following  in  a  file  and 
then  loading  it  into  your  browser: 


<html> 

<body> 

This  is  line  one 
<br>This  is  line  two 
<div>This  is  line  three</div> 

<p>This  is  line  five</p> 

</body> 

</html> 

Note  that  <br>  does  not  have  an  associ¬ 
ated  end  tag  (</br>),  but  both  <div>  and 
<p>  do.  This  means  both  tags  define  a 
region  of  a  document  but  <div>  is  cleaner, 
as  it  has  less  effect  on  content.  On  the 
other  hand,  <span>,  which  was  added 
in  HTML  4.0,  is  even  cleaner  because  it 
doesn’t  cause  a  line  break. 

And  like  any  other  tags,<div>  and  <span> 
can  have  IDs  and  classes  assigned  to  them. 
For  example: 

^something  {  ... } 
span.nothing { ...  } 

<span  id=”something”>  . . .  </div> 

<span  class=”nothing”>  . . .  </div> 
DHTML  is  not  a  standard;  it  is  a  marketing 
term  that  Netscape  coined  and  Microsoft 
adopted  to  describe  some  new  features  of 
its  browsers  from  Version  4  onward. 

Of  course,  there  is  a  consequence  of 
this  being  a  marketing  term:  You  can  kiss 
compatibility  goodbye.  Well,  you  can  kiss 
complete  compatibility  goodbye,  as  there 


is  significant  commonality  between  the 
implementations  —  most  things  you  want 
to  do  with  DHTML  will  work  in  either 
browser.  But  the  devil  is  in  the  details  . . . 
and  in  the  bugs  in  the  browsers  (which 
are  problems  that  are  not  just  cross-ven¬ 
dor  but  cross-version  as  well  —  but  what 
did  you  expect?). 

Underpinning  DHTML  is  the  document 
object  model  (DOM),  a  map  of  the  con¬ 
tents  of  a  Web  page.  The  DOM  is  a  schema 
that  provides  a  way  of  identifying  the  com¬ 
ponents  that  make  up  a  given  Web  page 
starting  from  the  root  object  and  decom¬ 
posing  into  sub-objects. 

At  the  root  of  the  DOM  is  the  browser 
window  named  (no  surprise)  window, 
and  any  element  must  start  with  the 
object  window.  So  to  get  to  the  elements 
in  a  document  displayed  in  a  browser,  we 
refer  to  a  path  that  begins  “window.docu- 
ment”  although  just  “document”  is  usually 
used. 

So  let’s  say  you  have  a  button  defined 
such  as: 

<img  name=”pic  1  ”  src=”pic  lstate  1  .gif”> 

This  image  is  a  named  element  under 
the  images  objects  branch  of  the  DOM, 
and  you  would  refer  to  it  as  window.doc- 
ument.images.picl  or  document.images. 
picl.  Changing  this  element  with 
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JavaScript  is  as  simple  as  this: 

document.  images.picl.src=”piclstate2. 

gif” 

This  means  you  can  dynamically 
change  the  properties  of  an  on-screen  ele¬ 
ment  under  IE4+  and  NS6+.  Moreover, 
under  IE4+  and  NS4+  you  can  hide  or 
show  elements,  change  the  Z-index  (the 
depth  of  elements  on  screen),  control  the 
position  of  elements,  move  elements  on 
screen  and  let  users  move  screen  ele¬ 
ments.  And  for  IE5+  and  NS4+,  you  can 
change  the  clipping  of  an  object  —  the 
amount  of  the  object  that  is  displayed. 

As  you  might  guess,  there  are  many  dif¬ 
ferences  between  the  DOMs  of  Microsoft, 
Netscape  and  other  browser  vendors.  For 
example,  below  the  window  object  under 
Internet  Explorer  and  Netscape  browsers 
are  the  object’s  document,  history  and 
location.  Then  the  browser’s  DOMs  part 
ways:  The  Netscape  DOM  also  has  frames 
at  this  level,  while  Microsoft’s  DOM 
includes  toolbar,  packages  and  navigator. 

For  the  purposes  of  manipulating  con¬ 
tent  though,  we  are  concerned  only  with 
the  document  branch  of  the  DOM,  and 
here  is  where  standards  exist,  which  we’ll 
discuss  next  week. 

Styled  comments  to  gearhead@gibbs.com. 
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Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Even  with  a  few  weeks  of  trade-show  traveling,  we 
found  the  time  to  get  some  quick  testing  done  on 
some  cool  new  devices.  Here  are  some  mini-reviews 
from  the  Cool  Tools  Test  Zone. 

Product:  Gateway  DVD  Recorder  (AR-230) 

Company:  Gateway 
Price:  $300 

What  it  does:  Just  like  a  VCR,  the  AR-230  connects  to  your 
home  entertainment  system  to  let  you  record  TV  shows 
directly  onto  DVD+RW  or  DVD+R  discs.The  device  also  acts 
as  a  DVD  progressive  scan  player,  so  you  can  watch  pre¬ 
recorded  DVD  movies  on  the  system.The  box  also  supports 
VCD,  SVCD,  audio  CDs,  MP3  CDs  and  JPEG  photo  playback. 

Why  it’s  cool:  Using  this  device  was  a  superbly  easy  way 
to  record  TV  shows  onto  DVDs.  Set-up  was  simple,  and  the 
interface  was  very  intuitive. Several  options  for  audio  and 


The  Gateway  DVD  Recorder  not  only  records  TV 
shows  to  DVD  but  also  can  help  convert  VHS  tapes  to  disc. 


The  latest  from  the  Cool  Tools  zone 


video  inputs  and  outputs  (such  as  composite,  S-Video 
and  component)  made  this  worthy  of  our  home  enter¬ 
tainment  center. 

In  addition,  you  can  connect  a  camcorder  or  a  VCR  to 
the  device  and  transfer  your  home  movies  onto  a  DVD.  If 
you  don’t  care  about  fancy  menus, title  bars  and  such, this 
is  the  most  direct  (and  simplest)  way  to  transfer  your  old 
tapes  onto  the  DVD  format.  And  the  price  is  reasonable. 

Grade:  ★★★★★  (out  of  5) 

Product:  ZyAir  B-220  Wireless  LAN  USB  Stick 

Company:  Zyxel 

Price:  About  $50  (check  www.buycom) 

What  it  does:  This  is  a  USB  device  that  gives  you  802. 1 1  b 
wireless  LAN  network  connectivity  just  by  plugging  into  a 
free  USB  port.  The  device  is  about  the  size  of  a  stick  of 
gum  and  is  smaller  than  a  PC  card. 

Why  it’s  cool:  For  mobile  users,  the  USB  stick  is  perfect 
for  quick  wireless  network  access  and  small  enough  to 
conveniently  throw  into  your  laptop  bag.  The  B-220  also 
does  more  than  just  provide  connectivity  —  it’s  Wi-Fi-cer- 
tified  and  Windows-Hardware-Quality-Labs-certified,  and 
it  supports  802.  lx  authentication. 

Grade:  ★★★★ 

Product:  AVerMedia  TVBox  9 

Company:  AVerMedia 

Price:  $180 

What  it  does:  The  TVBox  9  is  an  external  device  that  lets 
you  plug  in  a  TV  feed  for  viewing  on  any  CRT  or  LCD 
monitor.  Audio  and  video  inputs  on  the  front  of  the 
device  let  you  plug  in  a  DVD  player,  VCR,  camcorder  or 
video  game  console.  When  you  connect  a  PC  to  the 
device,  you  can  get  TV  picture-in-picture,  letting  you 


watch  TV  on  your  monitor  while  you  surf  the  Internet. 

Why  it’s  cool:  The  number  of  different  devices  you  can 
connect  through  the  box  is  pretty  amazing  and  give  you 
many  ways  to  use  the  device.  For  example,  students  in  a 
dorm  room  that  doesn’t  have  space  for  a  TV  and  computer 
can  connect  the  TV  line  into  their  LCD  monitor  and  have 
both  (not  to  mention  an  Xbox  connection).  Setup  is 
straightforward;  the  only  thing  that  irks  us  is  the  short  VGA 
and  audio  cables,  making  for  a  cramped  setup  when  con¬ 
necting  the  PC.  Still,  being  able  to  switch  from  a  computer 
to  watch  cable  TV  then  switch  over  to  a  video  game,  is  sweet. 

Grade:  ★  ★★★■< 

Shaw  can  be  reached  at  kshaw@nww.com. 
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Network  Knowledge  at  Your  Fingertips. 

Grab  a  front  row  seat  as  some  of  today's  most  influential  experts 
delve  into  the  hottest  networking  issues  and  solutions. 


Network  Configuration 
Best  Practices 

Sponsored  by:  Voyence 

Watch,  listen  and  learn  as  experts 
offer  network  configuration  best 
practices. 

It's  not  about  network  security. 
It's  about  secure  networks. 

Sponsored  by:  Enterasys 

Listen  as  experts  discuss  practical 
steps  to  reduce  costs  and  ensure 
interoperability  while  guaranteeing 
network  security. 

Advancements  in  Secure 
Remote  Access  Management 

Sponsored  by:  F5  Networks 

Discover  a  new  generation  of 
secure  remote  access  solutions  that 
provide  mobile  workers,  partners, 
and  contractors  24/7  access. 

Enforcing  Network  Security 
Layer  by  Layer 

Sponsored  by:  F5  Networks 

Learn  what  you  can  do  at  the 
application  level  and  device  level 
to  protect  your  organization. 

Myths  and  Realities  of  SSL  VPNs 

Sponsored  by:  Permeo 

Separate  fact  from  fiction  as 
experts  sort  out  the  advantages 
and  disadvantages  of  SSL  VPNs 
and  IPsec  based  VPN  solutions. 


Internal  Network  Security: 

New  Perspectives  and 
Technologies 

Sponsored  by:  Check  Point 
Software  Technologies  Ltd. 

Take  a  look  at  the  internal  security 
risks  and  vulnerabilities  within 
your  network,  and  best  practices 
to  address  them. 

Intelligent  SANS  for  Enterprise 
Business  Continuity 

Sponsored  by:  Cisco 

Hear  why  disaster  preparedness  is 
a  real-world  necessity  as  well  as 
explore  the  technologies  and 
solutions  that  enable  Business 
Continuity  alternatives. 

From  Structure  to  Chaos: 
Storage  Management  Secrets. 

Sponsored  by:  EMC 

Get  the  tools,  tactics  and  techniques 
you  need  to  gain  control  of  your 
multi-vendor  storage  environment. 

The  Components  of  a 
Successful  Information 
Lifecycle  Management  Strategy 

Sponsored  by:  EMC 

Learn  how  to  maximize  the  value 
of  your  information  while  meeting 
demanding  business  requirements 
across  diverse  applications, 
regulations,  user  needs  and 
corporate  policies. 


Secure  Mobility:  Anywhere, 
Anytime  Access  to  Converged 
Services 

Sponsored  by:  Nortel  Networks 

Organizations  with  freedom  to 
move  securely,  move  forward.  Mere 
convenience  is  being  supplanted 
by  multimedia  convergence.  And 
the  proactive  are  being  substantially 
rewarded  with  productivity  and 
savings.  Learn  how  converged  secure 
mobile  communications  can  seam¬ 
lessly  integrate  into  your  enterprise 
to  build  a  sustainable  competitive 
advantage. 

Secure,  Converged  Mobility  - 
Appropriate  Access  for  both 
Wired  and  Wireless 

Sponsored  by:  Flewlett-Packard 

Ever-increasing  security  concerns  and 
an  increasingly  mobile  workforce  are 
set  to  test  the  mettle  of  corporate  LAN 
infrastructures.  HP  ProCurve  secure 
mobility  solutions  provide  precise 
control  for  both  wired  and  wireless 
environments,  including  new  WLAN 
products  that  offer  state-of-the-art 
security. 
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EDITORIAL 

John  Dix 

The  new-fangled 
way  to  stay 
connected 

One  e-mail  about  a  new  service  is  a  quirk.Two 
e-mails  in  a  few  days  is  a  curiosity  Three  e-mails 
within  the  space  of  a  week  is  a  bona-fide  trend. 

And  when  The  Wall  St.  Journal  and  The  New  York  Times 
write  stories  about  the  trend, you  suddenly  have  a 
phenomena. 

So-called  business  social  networks  sprung  on  the  scene 
last  year  and,  judging  by  personal  experience,  the  desired 
network  effect  is  beginning  to  work.  People  that  have 
joined  these  private  Web  sites  are  inviting  their  friends  to 
join,  who  are  inviting  their  friends  to  join.  While  my  in-box 
isn’t  overflowing,  I  have  received  enough  invites  to  spark 
my  interest. 

Unlike  general  sites  like  Friendster.com,  which  bills  itself 
as  a  way  to  meet  friends  and  find  dates,  sites  such  as 
Linkedln.com  and  Ryze.com  are  targeted  at  professionals. 
While  the  latter  two  differ  this  way  and  that,  the  general 
goal  is  to  help  you  make  connections  that,  as  Ryze  puts  it, 
will  enable  you  to  “grow  your  business,  build  your  career 
and  life,  find  a  job  and  make  sales.” 

These  business  social  networks  are  based  on  a  basic 
pyramid  scheme.  If  everyone  that  joins  invites  friends,  the 
numbers  get  large  fast.  I  was  invited  by  two  people  to  join 
Linkedln,and  after  I  filled  in  my  profile  (title,  industry, 
areas  of  specialty  and  biography),  I  accepted  their  invita¬ 
tions  to  join  their  networks.They  already  had  contacts  so 
I  was  instantly  two  degrees  away  from  107  people  (the 
site  keeps  track  for  you). 

In  fact,  the  site  said  I  was  three  degrees  away  from  1,400 
contacts  and  four  degrees  from  28,100  contacts  But  I 
could  only  see  the  list  of  people  known  by  my  two  origi¬ 
nal  contacts.  And  if  I  was  to  try  to  reach  out  to  one  of 
those  107  subscribers,  the  request  would  have  to  be  OK’d 
by  my  original  contact. 

1  found  some  interesting  folks  I  want  to  meet,  but  it  also 
works  the  other  way.  I  joined  Linkedln  at  3  p.m.  and  by  7 
p.m.,  there  was  an  invitation  from  a  CEO  asking  if  1  would 
join  his  network.That  was  compelling  evidence  that  there 
is  some  magic  here. 

But  the  real  value  comes  when  you  search  the  whole 
membership  base  for  specific  contacts,  whether  you’re 
looking  for  employees  or  a  job. The  site  returns  people 
you  can  contact  immediately  and  others  that  want  you  to 
step  through  the  referral  process. 

Linkedln  lets  you  do  this  for  free  today,  but  apparently  will 
start  charging  for  the  service  later  this  year.  Ryze  charges 
>10  per  month  for  its  most  advanced  search  capabilities. 

While  interesting  and  potentially  useful,  the  question  is 
whether  these  sites  will  be  able  to  make  enough  money 
to  survive. 

—  John  Dix 
Editor  in  chief 
jdix@nww.  com 


www.nwfusion.com 


ii  ions 


Flash,  but  no  substance 

Regarding  Mark  Gibbs’  Gearhead  column  “The  nuts 
and  bolts  of  Flashy  presentations”  (www.nwfusion. 
com,  DocFmder:  9923):  1  understand  that  this  is  a 
help-type  column  and  many  would-be  Hash  con¬ 
tent  creators  will  be  quite  happy  with  it.  But,  from  a 
user  point  of  view,  I  would  be  happy  to  see  Flash  and 
its  kind  just  go  away  The  essence  of  what  Flash  does 
is  take  control  of  what  I  view,  preventing  me  from 
using  simple  techniques  for  controlling  what  I  want 
to  see  and  retain. This  is  as  bad  as  pop-ups. 

Robert  Jones 
Sunnyvale,  Calif. 

Mozilla’s  Firebird  browser  (DocFmder:  9924)  has  a 
free  downloadable  extension  that  blocks  Flash  ads. 
It  shows  a  solid  gray  box  with  the  words  “Click  to 
pla/  That  particular  extension  is  one  of  the  first 
ones  I  download  when  setting  up  Firebird  on  a  com¬ 
puter.  The  other  is  IE  View,  which  gives  you  a  right- 
click  option  to  “open  link  in  IE”  or  “view  this  page  in 
IE.”  Browse  the  list  of  current  downloadable  exten¬ 
sions  at  DocFmder:  9928. 

Ron  Miller 
Collegedale.Tenn. 

Wrong  tool 

Regarding  Mark  Gibbs’  Backspin  column  “Blame  the 
workman”  (DocFmder:  9925),  in  which  he  mentions 
how  “NASA  had  become  too  reliant  on  presenting 
complex  information  via  PowerPoint,  instead  of  by 
means  of  traditional  ink-and-paper  technical  re¬ 
ports”:  Blame  belongs  to  those  who  think  PowerPoint 
and  its  ilk  are  the  solution  to  documenting  complex, 
and  possibly  life-threatening,  problems.  If  you  can’t 
understand  the  full  technical  documents,  then  you 

E-mail  tetters  to  jdix@nww.com  or  send  them  to  John  Dix ,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


shouldn’t  be  making  life-and-death  decisions. 

Rob  Healey 
Minneapolis,  Minn. 

I  spy  spyware 

Regarding  “Fight  back  against  spyware”  (DocFmder: 
9926):  Here  is  spyware  that  millions  of  Americans 
are  going  to  unwittingly  install. TurboTax  installs  the 
C_D1LLA  service  in  the  background  that  eats  up 
CPU  cycles  and  keeps  you  from  copying  the 
TurboTax  CD  and  giving  it  to  your  friend.  Ad-aware 
finds  this  pest,  but  if  you  remove  it, your  tax  program 
stops  working.  What  has  this  world  come  to  when 
software  vendors  start  installing  spyware? 

Robert  Hale 
Lexington,  N.C. 

What  customer  service? 

Regarding  the  story  “MCI’s  chief  seeks  fresh  start  in 
’04”  (DocFmder:  9927):  Earlier  this  year  I  became  an 
MCI  subscriber.  I  was  having  trouble  establishing  ser¬ 
vice,  so  I  contacted  an  Iowa  office  of  MCI  found  in  a 
Google  search  of  “MCI  Customer  Service.’Two  weeks 
later,  I  received  a  letter,  digitally  signed  by  Jim 
Meyers,  stating  what  the  problem  was  with  my 
account  on  the  first  week  that  I  had  tried  establish¬ 
ing  service.  Mind  you,  by  this  time  1  was  finally 
receiving  service.  I  wrote  back  and  gave  him 
detailed  information  on  the  problems  I  had  had 
since  it  took  almost  two  months  to  finally  receive 
service.  I  recently  received  another  letter,  again  digi¬ 
tally  signed  by  Jim  Meyers,  stating  that  at  this  time 
service  was  not  available  in  my  area.  And  MCI  thinks 
it  has  solved  its  problems?  1  just  received  a  request 
from  BellSouth  to  come  back  to  its  services.  I  might 
have  to  out  of  principle:  At  least  BellSouth  knows  it 
lost  a  customer;  MCI  doesn’t  even  know  it  has  one! 

•  MacArthur  Wright 
Hernando,  Miss. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  9922 
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ON  THE  ROAD 

Sandra  Gittlen 


Controlling  messaging  chaos 
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aybe  it’s  the  statistics  that  get  me  — 
one  legal  firm  spends  $500,000  a  year 
combating  spam.  Maybe  it’s  that  spam 
is  threatening  to  ruin  a  prime  mode  of  busi¬ 
ness  communication.  Or  maybe  it’s  all  the 
other  resources  that  must  be  marshaled  to 
deal  with  spam  —  bandwidth,  storage  and 
support  costs,  to  name  a  few. 

In  Network  World's  Technology  Tour, 

“Messaging  and  Spam:  Chaos  to  Control,” 
which  kicks  off  March  23  in  Arlington,  Va., 

Network  World  columnist  Mark  Gibbs  will 
offer  advice  on  how  to  keep  spam  from  spin¬ 
ning  out  of  control  in  your  organization  and 

return  e-mail  to  the  productive  business  tool  it  should  be.  From  the  first 
slide  of  his  keynote  presentation,  Gibbs  makes  clear  just  how  tough  a 
row  IT  has  to  hoe  in  fighting  spam. 

The  good  news  is,  help  is  on  the  way.  Mature,  sophisticated,  really- 
attacks-the-problem  help  that  could  restore  messaging  systems  to  their 
original  productivity  levels.  Help  that  could  get  you  out  of  the  Band-Aid 
business  and  back  into  the  strategic, “what  else  can  this  messaging  sys¬ 
tem  do  for  us”  business. 

There  are  great  collaboration  tools  that  have  been  put  at  bay  because 
IT  is  busy  fighting  spam.  Your  energy  has  been  spent  containing  the 
spread  of  unsolicited  e-mail,  when  there  are  developers  out  there 
adding  cool  features  to  messaging  systems, such  as  presence  awareness, 
which  lets  you  link  your  communications  tools  so  users  can  access 
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each  other’s  information  databases  —  from  anywhere  at  anytime. 

Call  centers  should  be  using  the  amazing  advances  in  collaboration 
tools  that  let  operators  access  one  another’s  e-mail  files  or  connect  with 
one  another  instantly.  But  these  tools  look  very  scary  to  anyone  who  is 
worried  about  viruses.  Why  connect  more  things  if  it’s  just  going  to 
mean  the  rapid  spread  of  a  worm  when  an  epidemic  breaks  out? 

We’ve  got  to  move  past  that  mode  of  thinking,  and  the  Technology 
Tour  can  help  you  do  that.  Gibbs  and  1  will  be 
joined  on  stage  by  leading  messaging  and 
anti-spam  companies,  including  MailFrontier, 
MXLogic,  NetlQ,  SurfControl  and  Sybari 
Software.  Also  on  the  tour  will  be  Barracuda 
Networks,  Process  Software  and  SingleFin. 

Their  presentations  —  as  well  as  Gibbs’ 
morning  and  afternoon  addresses  —  will  help  you  rethink  your  mes¬ 
saging  architecture.  Each  company  will  offer  its  approach  to  not  only 
stop  spam  but  also  assist  you  in  rebuilding  your  messaging  strategy 

You’ll  also  get  tips  on  how  to  safely  integrate  other  messaging  tools, 
such  as  instant  messaging,  without  jeopardizing  the  safety  of  your  net¬ 
work.  Gibbs  also  offers  a  spam  calculator  that  will  help  you  figure  out 
how  to  keep  your  costs  under  control. 

The  goal  of  the  event  is  to  get  IT  back  to  a  place  where  messaging  is 
not  a  hindrance  but  a  beneficial  part  of  the  corporate  tool  kit.To  regis¬ 
ter,  visit  www.nwfusion.com,  DocFinder:  9658. 

Gittlen  is  editor  for  Network  World's  Events  and  Executive  Forums 
Group.  She  can  be  reached  at  sgittlen@nww.com. 
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YANKEE  INGENUITY 

Howard  Anderson 

Every  year  major  companies  such  as 
Cisco,  IBM,  Lucent  and  Nortel  spend  6% 
to  10%  of  their  budgets  on  research  and 
development,  yet  are  often  blindsided  by  hot 
young  companies.  Last  month,  Juniper  paid 
$3.3  billion  for  NetScreen  —  and  I  couldn’t  be 
happier  because  Battery  Ventures,  a  firm  1  co¬ 
founded,  had  NetScreen  stock.  But  it  raises  the  question  of  why  the  in¬ 
dustry’s  large  R&D  laboratories  never  seem  to  get  it  right. 

Imagine  you  are  a  CEO  of  one  of  the  major  communications  equip¬ 
ment  companies.  Publicly  you  are  a  big  fan  of  your  R&D  department  — 
and  privately,  you  wonder  what  the  hell  is  wrong.  Your  products  are 
always  late  and  seem  enfeebled.You  would  prefer  to  grow  organically 
through  your  own  research  than  to  be  constantly  buying  companies 
and  overpaying. The  investment  bankers  camp  on  your  doorstep  with 
the  “miracle”  new  company  that  can  get  you  back  in  the  game. You  are 
in  good  company:  JDS  Uniface  paid  $20  billion  for  E-Tek;  Lucent  spent 
$20  billion  for  Ascend;  and  Nortel  paid  $5.5  billion  for  Alteon,  $3.3  bil¬ 
lion  for  Qtera  and  about  the  same  amount  for  Bay  Networks. 

Maybe  the  R&D  departments  of  the  industry  are  just  plain  obsolete. 
There  are  three  reasons  why  this  is  the  case.  First,  they  tend  to  spend 
80%  of  their  time  tweaking  existing  products  and  not  building  the 
insanely  great  new  products  that  their  customers  want.  Second,  they 
are  loath  to  come  out  with  better  products  while  their  cash  cows  are 
still  churning  out  predictable  profits. 

The  third  reason  is  venture  capitalists  have  the  ability  to  entice  the  hot 
teams  right  out  of  the  labs  and  build  the  product  these  equipment 
companies  should  have  —  faster  and  better.  Bell  Labs  was  a  great  insti¬ 
tution  but  probably  couldn’t  be  put  together  today  with  the  crack  engi¬ 
neering  teams  that  made  it  famous  and  feared  by  competitors.  Nor 
could  Xerox  PARC  or  IBM  Labs. 

The  CEOs  in  the  industry  know  their  companies  and  their  jobs 
depend  on  getting  R&D  right  —  and  they  have  tried  everything.  Out- 


Why  are  the  R&D  labs 


source  R&D  or  bring  it  back  in-house?  Invest  in  venture  capital  funds  or 
suck  up  to  major  universities  such  as  Duke  and  Massachusetts  Institute 
of  Technology?  Acquire  tech  companies  or  just  make  strategic  invest¬ 
ment?  Whatever  they  do,  it  just  doesn’t  seem  to  work. 

An  interesting  twist  on  this  is  what  Cisco  is  trying  now.  Cisco  took  an 
interesting  internal  development, staffed  it  with  some  of  its  best  people, 
gave  it  some  money  —  and  set  it  free,  with  a  “buyback”  provision  built 
in  at  a  pre-arranged  price  when  the  new  company  hits  its  benchmarks. 
Very  creative  and  maybe  that  is  the  future  model,  because  it’s  clear  that 
the  old  model  of  a  corporate  R&D  division  just  ain’t  working. 

When  the  founders  of  AT&T  formed  Western  Electric  and  Bell  Labs, 
they  had  no  competition  and  little  choice. They  had  to  build  their  own 
equipment  because  there  was  no  one  else  around,  and  they  had  to 
mount  their  own  R&D  because  no  one  would  do  it  for  them.  When  Bill 
McGowan  started  MCI,  he  purposely  did  not  start  an  R&D  department 
because  he  believed  that  the  industry  had  grown  up  —  every  vendor 
now  wanted  his  business,  and  he  could  buy  from  the  best. 

Today,  both  in  the  enterprise  and  carrier  arenas,  the  incumbents 
(Alcatel,  IBM,  Lucent  and  others)  have  continually  shot  themselves 
in  the  foot,  then  attempted  to  solve  the  problem  of  having  the  wrong 
products  by  throwing  a  Hail  Mary  pass  through  acquisition  —  using 
financial  engineering  as  a  substitute  for  real  engineering. 

One  major  problem  when  you  build  a  company  with  cobbled- 
together  technical  platforms  is  that  they  just  do  not  “hum”  together. 
Integrating  all  these  platforms  results  in  continual  delays,  unantici¬ 
pated  costs  and  a  need  for  even  more  staff,  as  companies  are  forced 
to  become  their  own  systems  integrators.  If  the  communication 
industry’s  laboratories  had  worked  as  they  were  supposed  to,  we 
wouldn’t  have  this  problem,  but  I  suppose  it  was  inevitable. 

Anderson  is  senior  managing  director  of  YankeeTek  Ventures,  a 
Cambridge,  Mass.,  venture  capital  fund  for  early  stage  technology  com¬ 
panies.  He  can  be  reached  at  handerson@yankeetek.com. 
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■  BY  DEBORAH  RADCLIFF 


Hackers,  crackers,  carders  and  thieves 

are  putting  the  squeeze  on  your  network  security.  But  what  do  you  really  know  about 
them?  What  draws  them  to  your  network,  and  why  do  they  do  the  things  they  do? 


THE  EXTERNAL  ATTACK 


For  the  most  part,  hackers  break  into  corporations  for  one  reason:  Status. “The 
hacking  community  is  a  strong  meritocracy  where  status  is  determined  by  level 
of  competence,”  Kilger  says. 


As  such,  most  attackers  go  after  corporate  networks 
indiscriminately. They’re  looking  for  the  weakest  link.  And 
when  they  do  break  in,  they  share  their  results  with  others 
in  their  community  to  prove  their  prowess. 

“These  poorly  protected  victim  companies  are  what  1 
call  ‘targets  of  opportunity’”  explains  Charles  Neal,  vice 
president  of  security  for  the  managed  security  services 


PATTERNS  of  BEHAVIOR 


Select  the  target  using  IP  lookup  tools 
such  as  NSLookup,  Dig  and  others. 

Map  network  for  accessible  services 
using  tools  such  as  NMAP. 

Identify  potentially  vulnerable  services 
(in  this  case,  pcAnywhere). 

Brute  force  (guess)  pcAnywhere 
password. 

Install  remote  administration  tool  called 
DameWare. 

Wait  for  administrator  to  tog  on  and 
capture  his  password. 

Use  that  password  to  access  remainder 
of  network. 


Restrict 


behavior, 


Monitor  logs 
such  as  a  sb 
remotely  at  1 


division  of  Cable  &  Wireless,  which  has  investigated 
numerous  attacks  on  customers. 

Such  was  the  case  when  security  consultant  Greg  Gilliss 
investigated  a  digital  break-in  at  a  large  financial  institu¬ 
tion  last  year.  The  mutual  funds  firm  didn’t  call  law 
enforcement  because  it  conducts  business  with  the  gov¬ 
ernment  and  didn’t  want  them  to  know  about  it. 

The  company  suspected  foul  play  when  its  vice  presi¬ 
dent  walked  into  his  office  and  saw  the  cursor  moving 
files  around  on  his  Windows  2000  workstation. 

“This  was  definitely  a  target  of  opportunity”  Gilliss  says. 
“The  client  had  weak  passwords,  no  patches,  and  they 
were  running  services  they  didn’t  need,  all  of  which  were 
unprotected.  Worst  of  all,  they  were  running  pcAnywhere 
visible  to  the  outside  world  and  with  no  encryption 
through  their  one  router  firewall.” 

It  was  the  pcAnywhere  application  that  eventually 
granted  the  attacker  full  access  to  the  700-node  network. 
All  the  intruder  had  to  do  was  install  a  sniffer  and  wait  for 
the  administrator  to  log  on  to  the  vice  president’s  work¬ 
station  to  do  remote  administration.  Breaking  the  pass¬ 
word  was  trivial,  Gilliss  says,  because  the  administrator’s 
username  and  password  were  the  same  three  letters. 

Using  network  logs,  Gilliss  drew  a  scatter  plot  of  the  tres¬ 
passers’  behavior  inside  the  network  and  gathered  this 
profile: 

•  They  were  cautious  and  knew  U.S.  calendar  holidays, 
during  which  they  logged  on  to  avoid  detection. 

•  They  couldn’t  be  kids  because  script  kiddies  aren’t  so 
patient. 

•  They  were  in  a  time  zone  10  hours  away. 

•  They  never  stayed  longer  than  an  hour. 

•  They  logged  in  with  a  different  IP  address  each  time. 

•  They’d  been  there  for  more  than  a  month. 

After  three  weeks,  they  started  logging  on  during  work 
hours,  which  meant  they  didn’t  care  about  getting  caught 
anymore. 

With  this  information  and  a  little  investigation,  Gilliss 
ascertained  that  the  attackers  used  different  compro¬ 
mised  DSL  lines  each  time  they  returned,  and  all  of  these 
lines  tracked  back  to  a  single  ISP  in  Europe.  His  recom¬ 
mendation  to  his  client  was  to  fire  its  IT  consultant,  run  a 
penetration  test  against  the  network,  patch  its  systems, 
close  vulnerabilities  and  restrict  remote  access. 


Knowing  the  motivations  of  digital 
intruders  helps  you  understand  their 
behaviors,  says  Dr.  Max  Kilger,  a 
social  psychologist  for  the  Honeynet 
Project.  And  understanding  those 
behaviors  can  help  you  better  protect 
your  networks. 

With  this  in  mind,  Network  World  dug 
into  three  real  cases  to  analyze  the 
attackers’  behaviors  and  motivations. 
The  incidents  include  an  outsider 
attack  on  a  financial  institution,  the 
rooting  of  an  e-commerce  hosting 
provider  to  heist  credit  card  numbers 
and  an  employee  copying  a  client 
database  from  a  brokerage  firm  to 
take  to  a  new  job  at  a  competitor. 

Identifying  what  is  common  and 
what  is  unique  about  these  attacks 
gives  you  information  you  can  use  to 
further  your  own  protection,  detec¬ 
tion  and  forensics  practices. 

Radcliff  is  a  freelancer  writer  in  California. 
She  can  be  reached  at  deb@radcliff.com. 
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What  identity  thieves  are  seeking  is  money,  of  course.  But  those  who  broker  in 
stolen  credit  cards  also  are  strongly  motivated  by  status.says  Dan  Clements, CEO 
of  CardCops.com,  a  credit  card  protection  service  agency  that  scours  the  Internet  for 
compromised  credit  card  and  personal  data  and  reports  it  to  victims  and  banks. 


“Carders  would  love  to  root  servers 
at  e-commerce  sites  and  own  them, 
especially  when  credit  cards  are  sit¬ 
ting  there  unencrypted,”  Clements 
says.  “Then  they  post  them  to  carder 
Web  sites  and  say  ‘Hey  rate  me.’  The 
better  your  rating,  the  better  your  trad¬ 
ing  privileges.” 

Increasingly,  carders  are  part  of 
organized  crime  rings  mostly  from 
former  Soviet  Union  states,  Kilger 
says.  In  these  cases,  after  the  cards  are 
used  to  purchase  expensive  items, 
they’re  posted  at  carder  sites  to 
obscure  their  usage  patterns  and 
therefore  confuse  investigators. 

Attackers  going  after  e-commerce 
sites  also  indiscriminately  look  for  the 
weakest  security."!  call  these  ‘targeted 
victim  attacks.’They  gain  root  with  the 
specific  intent  to  steal  something,” 
C&W’s  Neal  says. “I  would  expect  the 
pattern  of  intrusion  activity  to  be  sim¬ 
ilar  to  a  ‘target  of  opportunity’  attack.” 

Such  an  opportunity  presented 
itself  in  January  2002  to  a  carder  who 
had  rooted  at  least  one  server  at  an 
e-commerce  hosting  provider.  The 
case  began  to  unfold  in  September, 
when  CardCops  investigators  culled 
some  60  invoices  (complete  with  pur¬ 
chaser’s  names,  addresses  and  phone 
numbers)  off  Carderplanet.com,  a 
carder  Web  site  since  removed. 

“We  noticed  that  the  invoice  num¬ 
bers  had  the  same  long-digit  formats. 
So  we  started  calling  the  consumers 
whose  card  numbers,  phone  num¬ 
bers  and  addresses  were  on  the 
invoices.  We  asked  them  where  they 
shopped.  We  were  able  to  trace  them 
all  back  to  several  merchants  at  a  sin¬ 
gle  hosting  provider  called  Serve, 
com  (since  renamed  as  Datarealm). 

When  he  called  the  merchants 
whose  invoices  were  heisted,  they 
complained  that  they’d  suspected 
problems  for  months  because  cards 
were  approved  at  the  time  of  pur¬ 
chase,  but  then  declined  two  weeks 
later  when  they  rechecked  the  cards 
before  shipping  backorders. 

Clements  e-mailed  Serve.com’s  sys¬ 
tem  administrator,  who  attributed  the 
problem  to  a  flaw  in  the  shopping  cart 
software  that  affected  only  24  of 
Serve.com’s  4,000  e-commerce  clients. 


Then  in  November,  a  skin  care  mer¬ 
chant  hosted  at  Serve.com  found  an 
alteration  to  her  directory  —  a  page 
added  on  Jan.  23, 2003,  titled  “index.- 
old.”  She  clicked  on  the  page  that 
read,  “MuShrooM  said  That  No 
RedeFace  (sic)  !  !  nitrOx  Ownz 
serve.com  ...lol.” 

Clients  of  Serve.com,  along  with  its 
CEO  and  systems  administrator, 


didn’t  return  Network  World’s  calls 
about  the  incident, so  details  are  not 
forthcoming  as  to  how  the  carder, 
gained  root. 

However,  Neal  surmises  that  once 
the  perimeter  is  exploited,  carders 
act  more  professionally  because  they 
don’t  want  to  be  caught  (see  graphic, 
right.) 

See  Hackers,  page  44 
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Act  quickly  and  precisely  to  make  their 
activities  harder  to  detect. 


*  Exploit  perimeter  through  vulnerable 
ports,  services  and  buffer  overflows. 

'  Use  Trojan  horses  (hidden  software)  to 
leave  back  doors  for  re-entry. 

•  Use  sniffers  to  capture  passwords. 
•Stick  around  until  noticed. 

c  Make  few  or  no  mistakes. 
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CYBER 


CRIME 

PROFILING 

IS  DEFINED  AS 


the  investigation,  analysis, 
assessment  and  recon¬ 
struction  of  data  from  a 
behavioral/psychological 
perspective  extracted  from 
computer  systems,  networks 
and  the  humans  committing 
the  crimes,  according  to 
William  Tafoya,  professor  in 
the  national  security  gradu¬ 
ate  program  at  the  University 
of  New  Haven  in  West  Haven, 
Conn. 

Tafoya  contends  that  serial 
computer  crackers’  M.O.s 
are  the  same  as  that  of  seri¬ 
al  murderers  and  rapists, 
meaning: 

•  They’re  creatures  of  habit. 


•  They  repeat  what  works. 


•  They  repeat  what  feels 
good. 


•  They  operate  up  to  their 
abilities. 
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'HING  FILES  FROM  WITHIN 


Revenge  is  one  reason  employees 
misuse  and  abuse  systems,  as  was 
the  case  when  Kenneth  Patterson,  former 
data  communications  manager  for  Amer¬ 
ican  Eagle  Outfitters,  disabled  his  compa¬ 
ny’s  ability  to  process  credit  card  purchas¬ 
es  for  the  first  five  days  of  the  holiday 
shopping  season  in  2002.  But  the  most 
common  motivator  behind  the  inside  job 
is  a  sense  of  entitlement,  experts  say. 


“The  threat  from  inside  is  not  just  disgruntled  employees 
wanting  to  get  even,”  C&W’s  Neal  says.  “Businesses  have 
always  had  what  you  could  call  shrinkage.  Employees  ratio¬ 
nalize  stealing  pencils,  paper  clips  and  bottles  of  Coke.  But 
with  digital  assets  stored  in  computers,  this  process 
becomes  more  impersonal,  repeatable  —  and  scalable. 
Now  you  can  steal  a  case  of  pencils  instead  of  a  box  of 
pencils,  metaphorically  speaking.” 

So  strong  is  this  feeling  of  entitlement  that  employee  theft 
of  data  makes  up  about  75%  of  the  cases  investigated  by 
Anton  Litchfield,  director  of  forensics  consulting  services 
for  NTI,an  electronic  evidence  discovery  firm. 

For  example,  last  summer  a  vice  president  of  sales  for  a 
stock  analysis  firm  quit  to  go  to  a  competitor.  But  before 
she  left,  she  copied  the  customer  database  to  take 
with  her. 

Suspicions  were  raised  when  one  of  her  co-workers  told 
his  network  manager  that  hed  seen  a  Windows  dialog 
box  copying  large  files  to  a  folder  on  her  home  comput¬ 
er  the  week  before  she  left  —  while  nobody  was  at  her 
desk.  Shed  accessed  her  office  computer  from  her  home 
computer  using  GoToMyPC. 

That’s  when  the  network  manager  contacted  NTI. 

Through  forensics  analysis  of  her  home  computer,  her 
office  computer  and  the  network  logs,  we  were  able  to 
prove  that  shed  accessed  those  files  from  home  and 
copied  them  onto  her  home  computer  just  before  she 
quit,”  Litchfield  says.“But  if  that  employee  hadn’t  seen  her 
computer  copying  those  files,  nobody  would  have  been 
the  wiser.” 

In  cases  of  both  a  disgruntled  employee  causing  dam¬ 
age  or  one  who  feels  entitled  to  steal, you  won’t  see  much 
digital  evidence  of  a  crime,  Neal  says.That’s  because  they 
already  have  the  access  and  the  insider  knowledge.  For 
example,  in  the  American  Outfitters  case,  for  which 
Patterson  was  sentenced  to  18  months  in  prison  in 
December  2003,  he  used  his  own  password  to  access  the 


Create  network  accounts  for 
themselves  and  their  friends. 


•Access  accounts  and  applications 
they  wouldn't  normally  use  for  their 
dailyjobs. 

•  E-mail  former  and  prospective 
employers. 

•  Conduct  furtive  instant-messaging 
chats. 

•  Visit  Web  sites  that  cater  to  disgruntled 
employees,  such  as  Fdcompany.com. 

•Perform  large  downloads  and  file 
copying. 

•Access  the  network  during  off-hours. 
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^  T  f*. -  MAX  KILGER  LIKES  TO  GET  INTO  THE  HEADS  OF 

computer  criminals.  He  chats  with  these  people 
at  conferences  and  online,  and  studies  their  behavior  when  they  hack  inside  Honeynet’s  decoy  com¬ 
puters.  Throughout  his  many  years  of  research,  he's  developed  a  motivational  profile  he  calls 
“MEECES”  —  for  money,  ego,  entertainment,  cause,  entrance  to  social  groups  and  status.  MEECES  is 
a  modification  of  of  the  FBI  and  military  security’s  counterespionage  profile  called  MICE  —  which 
stands  for  money,  ideology,  compromise  and  ego.  Kilger  outlines  behavioral  motivators  in  a  60-page 
Chapter  on  hacker  profiling  in  the  second  edition  of  the  Honeynet-developed  book  Know  Your 
:;:Snmiiies,  due  from  Addison  Wesley  in  May.  Here’s  the  upshot  of  those  motivators: 


*  -Stolen  credit  cards 
;xquireiifcy  lor  certain  crime 
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fb&n  for  access  to  other 
.^^rn^dcre^t  card  databases. 
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ENTERTAINMENT  The  bored 
teenager  syndrome  is  not  as  strong 
as  in  the  days  of  big  disk  drives  and 
mainframes,  but  it  remains  a  motiva¬ 
tor.  "You’ll  still  see  a  hacker  break 
into  a  system,  trash  it  up  and  sit  back 


the  community  from  black 


bite 'hat  hackers.-  ego  is  the 


and  watch  the  system  administrator 
scurry  around  trying  to  save  it," 
Kilger  says. 

CAUSE  — -  Think  haptivism.  mostly 
Web  site  defacements  and  distrib¬ 
uted  denial  of -service  attacks  tor  pol¬ 


itics  and  ideologies. 

ENTRANCE  INTO  SOCIAL  GROUPS 

Hackers  achieve  this  by  sharing 
their  successful  break-ins  will)  the 
groups  they  want  to  be  included  in. 
STATUS  This  is  the  strongest 
motivator  among  all  hackers, 
Crackers  and  carders  because  their 
main  emphasis  is  on  skills.  The 
higher  profile  the  target,  the  higher 
their  status. 


system  and  cause  the  damage.The  female  vice  president 
also  used  her  own  remote  logon  program  to  get  to  the 
files  she  downloaded. 


EDITOR’S  NOTE:  Adrian  Lamo,  a  white  hat  hacker 
who  pled  guilty  to  accessing  The  New  York  Times 
computers  without  permission,  agreed  to  share 
what  he  knows  about  some  of  the  common  IT 
security  slips  network  administrators  make. 
Lamo  studies  journalism  at  American  River 
College  in  Sacramento,  Calif,  as  he  awaits  sen¬ 
tencing  next  month. 


Profiling  network 
administrators 


BY  ADRIAN  LAMO 


One  well-ranked  Fortune  500 
company  was  recently  hiring  a 
network  security  professional. 
The  interview  process  required 
applicants  to  wait  in  the  HR  lobby, 
where  they  could  use  public  work¬ 
stations  to  browse  job  listings. 

Although  the  company  had  spent  a  hefty  sum 
on  a  Cisco  PIX  firewall  installation,  it  made  the 
mistake  of  placing  these  visitor  workstations  on 
the  internal  network  where  files  could  be 
accessed.  Rather  than  invest  less  than  $100  per 
month  to  equip  the  public  workstations  with  their 
own  broadband  connection,  the  firm  left  a  fine 
trophy  for  anyone  with  an  interest  in  competitive 
intelligence. 

Knowledge  about  potential  security  threats  is 
generally  required  for  the  defense  of  any  complex 
system.  But  intruder  intelligence  is  only  useful  as 
long  as  it’s  not  running  the  show.  Otherwise,  you’ll 
be  predictable  by  the  same  schemas  you  use  to 
predict  the  actions  of  others. 

For  instance,  many  would-be  intruders  know  that 
administrators  configure  their  intrusion-detection 
systems  in  very  linear  ways,  assuming  that  intru¬ 
sions  will  come  in  the  form  of  scans,  buffer  over¬ 
flows  and  predefined  attack  patterns. 

One  way  around  this  is  to  simply  push  random 
requests  through  the  Web  browser,  a  legitimate 
point  of  access.  At  one  company,  the  Web  mail  sys¬ 
tem  let  users  forward  their  mail  to  any  address  with 
only  their  Social  Security  number^and  last  name. 
However,  a  quick  search  revealed  a  corporate 
directory  that  included  Social  Security  numbers  of 
all  employees  and  contractors,  including  the  CEO. 

Some  companies  even  put  in  extra  layers  of 
security  such  as  token  authentication  devices.  But 
again,  they  perceive  the  problem  incorrectly  by 
forgetting  that  attacks  can’t  be  counted  on  to 
originate  at  the  edge  of  the  network. 

In  the  late  1990s,  intruders  remotely  bypassed 
AOL’s  SecurlD  authentication  system  by  develop¬ 
ing  software  that  would  let  them  redirect  their 
Internet  connections  through  AOL  employee  work¬ 
stations,  masked  as  innocent  Web  connections. 
Suddenly  AOL’s  network  was  riddled  with  private 
gateways.  AOL’s  logon  servers  saw  their  connec¬ 
tions  as  originating  from  inside  the  network,  and 
didn't  bother  to  ask  them  for  a  SecurlD  code.  As  a 
result,  hundreds  of  high-profile  AOL  accounts 
were  compromised. 

The  belief  that  attacks  will  inherently  come  from 
the  outside  sets  networks  up  to  fall.  Security  is  not 
always  a  linear  process.  If  you're  going  to  profile 
intruders,  profile  defenders  too  —  be  they  good 
examples,  or  terrible  warnings. 
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Secure  Shell  software 


New  SSH  Communications'  offering  adds 
ease  of  use  to  its  Tectia  package 


t  *  ■  BY  RODNEY  THAYER,  NETWORK  WORLD  LAB  ALLIANCE 

m  our  test  of  SSH  Communications  Security’s  Tectia  4.0  —  its  upgraded 

f§  |29  Secure  Shell  client  and  server  combination  —  we  found  it  is  easy  to 
I  use;  provides  convenient,  restartable  file  transfers;  and  offers  more  GUI 
features  than  competing  commercial  and  open  source  SSH  implementations. 


Tectia  4.0  also  supports  a  variety  of 
port-forwarding  schemes  that  let  you  set 
a  VPN-like  tunnel  to  your  managed 
machines. 

On  the  downside,  some  of  the  authenti¬ 
cation  options  were  very  difficult  to  con¬ 
figure  and  use. 

The  SSH  code  —  developed  by  SSH 
Communications  in  1995  —  provides 
console  (or  ‘shell’)  communications  be¬ 
tween  a  network  device  and  a  local  PC 
over  the  Internet,  using  cryptographic 
techniques  to  secure  user  authentication 
processes  and  data  traffic  flow  between 
the  machines.  Tectia  4.0,  announced  in 
October  and  released  in  December,  sup¬ 
ports  the  current  version  of  the  protocol, 
SSH  2.  and  the  older  SSH  1. 

We  tested  Tectia  4.0  client  and  server 
versions  for  Windows  and  Linux  (see 
How  we  did  it  at  www.nwfusion.com, 
DocFinder:  9929.)  SSH  Communications 
also  offers  Tectia  Connector,  a  product 
that  supports  application  tunneling,  and 


Net  Results 


Tectia  Client  and 
Server  Version  4.0 


OVERALL  RATING 


Company:  SSH  Communications 
Security,  (650)  251-2700,  www.ssh.com 
Cost:  $116forTectia  Client;  $657  forTectia 
Server  for  Windows;  $559  forTectia  Server 
for  Unix.  Pros:  Easy-to-use  GUI;  secure, 
restartable  file  transfers.  Con:  Complex 
configuration  process  for  some  of  the 
authentication  options. 

 The  breakdown 

Security  features  40'/o  5 
Management/ease  of  use  40%  4 
Authentication  options  10%  3 
Installation  5%  3 
Documentation  5%  4 
TOTAL  SCORE  4.35 


Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently 

subpar 


Tectia  Manager,  software  for 
managing  distributed  Tectia 
client/server  installations. 

Installation  of  Tectia  4.0  on 
Windows  systems  was 
straightforward.  But  the  soft¬ 
ware  was  more  difficult  to 
get  running  on  Red  Hat 
Advanced  Server  because 
you  have  to  uninstall 
OpenSSH  to  run  Tectia. 

The  documentation  was 
accurate  and  plentiful,  and 
gave  solid  information 
about  the  core  functions 
overall,  but  the  parts  pertain¬ 
ing  to  the  new  features  were  a  bit  sloppy 
For  example,  while  the  documentation 
suggests  that  the  product  supports  IPv6, 
the  vendor  does  not  recommend  it  for 
production  environments. 

You  manage  Tectia  servers  like  any 
other  Unix/Linux  Daemon  or  Windows 
service.  On  Unix,  the  Tectia  code  gener¬ 
ates  syslog  messages  so  you  can  track 
procedures  such  as  user  logons  or  logon 
failures.  In  Windows,  the  Tectia  server 
generates  messages  to  the  Windows 
Event  Log.  The  servers  emit  messages 
when  the  configuration  changes,  which 
could  become  a  problem  when  strict 
change  controls  are  required. 

Tectia  4.0  provides  a  Windows  GUI- 
based  file  transfer  tool  so  you  don’t  need 
to  run  a  command-line  application  to 
perform  SSH  file  transfers. This  improves 
its  ease  of  use  over  previous  versions. 

Previous  versions  of  the  product  let  you 
set  up  SSH  tunnels  as  an  alternative  to 
IPSec  VPNs.  Tectia  4.0  makes  this  much 
easier  to  use.  The  client  can  be  config¬ 
ured  in  a“port  forward  only” mode  so  you 
can  deploy  it  to  desktops  with  minimal 
user  configuration.  It  also  supports  Socks, 
a  connection  proxy  mechanism  that 
browsers  and  e-mail  clients  use,  which 
makes  it  much  easier  to  configure  other 
software  on  the  client  system  to  support 
SSH  port  forwarding. 

Tectia  4.0  supports  several  cryptograph¬ 
ic  algorithms,  including  Advanced  En¬ 
cryption  Standard  (AES),  the  current  al¬ 


gorithm  of  choice  for  encrypting  data; 
Triple-DES,  Arcfour  (RC-4)  and  others. 
SSH  Communications  also  addresses  the 
current  IETF  work  to  standardize  the  SSH 
protocol,  with  support  for  keyboard-inter¬ 
active  authentication  (a  new  mechanism 
designed  to  support  future  interactive 
user-authentication  mechanisms),  Gen¬ 
eric  Security  Services  API  (GSS-API)  used 
for  Active  directory  authentication,  and 
X.509  digital  certificates. 

We  reconfigured  the  server  to  use 
Rivest-Shamir-Adelman  (RSA)  keys  in¬ 
stead  of  Digital  Signature  Algorithm 
(DSA)  keys  (the  default.)  This  process 
was  straightforward,  but  interoperability 
issues  surfaced.  The  full  procedure  for 
setting  up  a  new  SSH  server  included 
having  a  client  verifying  the  server’s  pub¬ 
lic  key  hash.The  standard  way  to  do  this 
—  supported  by  the  open  source  com¬ 
munity  and  many  SSH  vendors  —  is  to 
display  the  MD5  hash  of  the  host  key 
Tectia  does  not  support  this  procedure. 
It  displays  the  hash  in  its  proprietary 
Bubble  Babble  format.  We  were  forced 
to  use  other  tools  to  confirm  our  keys 
when  interoperating  with  other  SSH 
implementations. 

SSH  Communications  offers  an  array  of 
authentication  options,  from  simple  user¬ 
name/password  all  the  way  up  to  smart 
card  digital  certificates.The  more  sophis¬ 
ticated  options  are  intended  for  use  in 
situations  where  strong  authentication  is 
justified, such  as  medical  systems, access 


to  sensitive  network  equip¬ 
ment, traveling  executives  or 
military  applications.  We 
tested  just  the  username/ 
password,  SSH  key  mecha¬ 
nisms  and  X.509  certificates. 

We  exercised  connection 
combinations  using  Tectia 
clients  and  servers,  and  we 
tested  interoperability  with 
OpenSSH  and  Putty  (two 
open  source  SSH  imple¬ 
mentations)  and  other 
SSH  products.  Everything 
worked  as  expected  with 
the  password  and  SSH 
key  mechanisms. 

However,  X.509  support  was  more  diffi¬ 
cult  to  set  up.  After  several  calls  and 
e-mails  to  the  vendor’s  support  team,  we 
got  X.509  certificate  authentication  to 
work.  It  is  very  complex  and  not  com¬ 
pletely  documented.  While  the  product 
does  function  as  advertised,  this  mecha¬ 
nism  is  probably  too  difficult  to  deploy  to 
be  useful  in  most  environments. 

Overall,  we  concluded  that  Tectia  4.0  is 
a  commercial-grade  SSH  implementa¬ 
tion  that  offers  the  strong  security  fea¬ 
tures  of  the  SSH  protocol  with  a  pretty 
rich  set  of  authentication  and  usability 
features.  It  would  be  a  good  fit  in  envi¬ 
ronments  where  you  have  cross-platform 
(Windows,  Unix,  and  network  devices) 
SSH  console  access  requirements. 

Thayer  is  a  security  researcher  at  Canola 
&  Jones  in  Mountain  View,  Calif.  He  can  be 
reached  at  rodney@canola-jones.com. 


Thayer  also  is  a  member  of  the  Network 
World  Lab  Alliance,  a  cooperative  of  the 
premier  reviewers  in  the  network  industry, 
each  bringing  to  bear  years  of  practical 
experience  on  every  review.  For  more  Lab 
Alliance  information,  including  what  it  takes  j 
to  become  a  partner,  go  to  www.nwfusion  j 
.com/alliance. 
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3Com 

3Com  Corporation 

XRN  Technology 

3Com  is  a  leading  provider  of  innovative,  practical  and  high-value 
networking  products,  services  and  solutions  for  enterprises  of  all 
sizes  and  public  sector  organizations.  3Com’s  innovative  XRN 
technology,  which  earned  3Com’s  distinction  as  a  “Best  of  the 
Tests”  Finalist,  contributes  to  the  network  resiliency  required  for 
voice  and  data  convergence. 

(800)  NET-3Com  •  www.3com.com 


ApIrati 

ADTRAN,  Inc. 

ADTRAN,  Inc.,  is  one  of  the  world’s  most  successful  data  network¬ 
ing  and  telecom  equipment  suppliers,  with  a  portfolio  of  more 
than  1,000  solutions  for  use  in  voice  and  data  networks.  ADTRAN 
offers  a  broad  range  of  internetworking  solutions  including  T1 
access  routers,  Ethernet  switches,  VPN/lnternet  Security  devices, 
Integrated  Access  Devices,  and  a  host  of  network  access  products. 
(256)  963-8000  •  www.adtran.com 


IntraDyn,  Inc. 

RocketVault 

RocketVault™  delivers  enterprise-caliber  network  backup  and 
archiving  services  to  small-  and  medium-sized  business  and 
branch/remote  offices.  RocketVault™  is  a  simple,  automated, 
disk-based  backup  and  archiving  appliance  that  includes  software 
licenses  for  unlimited  clients/servers.  Backups  and  archives  can 
be  encrypted,  stored  locally  and  transmitted  off-site. 

(952)  936-7733  •  www.intradyn.com 


Network  Instruments,  LLC 

Observer  9.0 

Network  Instruments’  award-winning  Observer  combines  a 
comprehensive  management  and  analysis  console  with  remote 
Probes  to  provide  integrated  monitoring  and  management  for 
most  networks  (LAN,  802.11  a/b/g,  Gigabit,  WAN).  Observer  is 
designed  utilizing  our  Distributed  Network  Analysis  (NI-DNA™) 
architecture.  With  NI-DNA,  the  Observer  solution  set  simplifies 
network  troubleshooting  and  management,  optimizes  performance 
and  scales  to  meet  the  needs  of  any  organization. 

(800)  526-7919  •  www.networkinstruments.com 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible.  Network  World  is  not  liable  for  errors  or  omissions. 
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Face-off 

Two  industry  insiders  debate  the  merits  of 


Are  anti-spam  appliances 
better  than  software? 

their  anti-spam  approaches. 


Yes,  by  Tim  Chiu 


No,  by  Ken  Schneider 


Appliances  are  a  much  better  choice  than  software  for  spam  protection  because 
they  address  the  broad  range  of  security  threats  facing  large  companies,  small 
businesses,  service  providers,  and  educational  and  government  institutions. 
Deployed  at  the  edge  of  a  customer’s  network,  gateway  appliances  provide  the 
most  efficient,  easy-to-manage  approach  to  solving  spam  problems  by  offload¬ 
ing  the  existing  mail  server  and  addressing  security  threats  before  they  enter  an  organi¬ 
zation’s  network. 

Customers  want  effective  spam  products  —  products  with  proven  high  catch-rates  and 
zero  false  positives.  Appliances  pre-integrate  a  variety  of  e-mail  security  technologies  into 
one,  purpose-built  unit  to  get  the  best  spam  accuracy  with  no  impact  on  a  customer’s  mes¬ 
sage  network  and  e-mail  service  reliability  Combined  security  features  help  customers  get 
better  overall  protection  and  simplify  the  IT  administrator’s  life.  Appliances  can  be 
deployed  in  minutes,  compared  with  hours  or  days  with  software-only  approaches. 

Even  with  all  spam  technology  being  equal  —  regardless  if  it’s  software-based  or  an 
appliance  —  appliances  let  customers  deploy  protection  more  quickly  and  take  advan¬ 
tage  of  built-in  optimization  for  performance  and  reliability  currently  unattainable  with 
software  on  general-purpose  servers.  Furthermore, software-based  approaches  have  inher¬ 
ent  vulnerabilities  when  deployed  on  general-purpose  platforms.  Operating  systems  such 
as  Solaris  and  Windows  have  widely  known  susceptibilities  to  viruses  and  hacker  threats 
that  make  them  vulnerable  to  increased  attacks.  Appliance-based  products  employ  a  pre¬ 
hardened  operating  system  that  has  no  exposed  executable  environment  or  open  ports 
that  a  hacker  can  exploit. 

Appliances  provide  a  more  complete,  holistic  approach  to  e-mail  security.  Customers 
appreciate  the  “one  source,  one  solution”  approach.  According  to  a  November  2003 
report  by  Michael  Osterman  of  Osterman  Research,  70%  of  customers  prefer  to  pur¬ 
chase  messaging-threat  products  from  one  source. Single-source,  integrated  e-mail  secu¬ 
rity  products  include  capabilities  for  managing  traffic  and  performing  advanced  analy¬ 
sis  beyond  just  spam  filtering  —  including  reverse  DNS  lookup,  Simple  Mail  Transfer 
Protocol  authentication,  virus  scanning,  content  filtering,  policy  enforcement,  detailed 
logging  and  reporting,  and  more. 

In  contrast,  software-only  spam  products  tend  to  be  narrowly  focused  on 
spam  filtering  and  overlook  related  threats  that  can  seriously  expose  an  orga¬ 
nization’s  message  network  to  an  increased  deluge  of  spam  traffic, spammer 
exploitation  or  a  variety  of  other  threats. 

Appliances  are  a  more  effective  solution  for  stopping  spam  and  a  more 
complete  e-mail  security  approach.  They  require  dramatically  less  ongoing 
management  than  software,  delivering  much  faster  ROI  and  a  low  ongoing 
total  cost  of  ownership.  Any  organization  thinking  seriously  about 
e-mail  reliability  and  security  should  standardize  on  appliances. 


The  growth  of  spam  in  the  past  five  years  has  created  such  a  deluge  that  anti¬ 
spam  technology  has  become  a  necessity  rather  than  a  precaution.  Enterprise 
customers  face  a  choice  between  anti-spam  software  that  can  be  deployed 
across  any  operating  system  and  hardware  platform,  and  anti-spam  appliances 
that  come  preconfigured  and  ready  to  be  installed  into  a  rack. 

There  is  a  sound  reason  for  this  competition  —  different  customers  have  different 
requirements.  Whereas  one  company  might  want  an  “out  of  the  box  and  into  the  rack” 
appliance  with  preset  controls,  another  company  might  want  the  flexibility  provided  by 
software  with  comprehensive  administrator  settings  that  can  be  deployed  on  the  platform 
of  choice.  However,  the  crucial  element  to  any  effective  anti-spam  solution  —  software, 
appliance  or  other  —  is  software. 

Anti-spam  appliance  providers  often  tout  their  products  as  easy  to  install  and  deploy 
with  a  low  cost  of  security  because  the  box  is  self-contained. These  hardware  character¬ 
istics  say  little,  however,  about  the  product’s  effectiveness  in  actually  stopping  spam. 
Appliances  still  require  strong  software  to  get  the  job  done. 

Effective  software  provides  the  flexibility  necessary  to  thwart  today’s  sophisticated  spam 
attacks.  Administrators  need  the  ability  to  manipulate  filters,  monitor  quarantines  and  re¬ 
ceive  constantly  updated  rules.The  fight  against  spam  is  a  fast-paced  battle  with  technically 
proficient  spammers  working  to  defeat  the  latest  in  anti-spam  technology.  Companies  can’t 
afford  to  have  a  product  that  doesn’t  provide  the  flexibility  to  stay  ahead  of  spammers. 

Without  effective  software,  hardware  products  such  as  anti-spam  appliances  would  not 
be  possible.  Imagine  a  race  car  with  an  economy-car  engine  or  a  modern  server  powered 
by  an  Intel  286  processor.  If  you  do  not  have  software  that  is  sophisticated  enough  to  take 
full  advantage  of  the  hardware  platform,  you  are  left  with  an  underpowered  and  under¬ 
utilized  device.  Effective  anti-spam  software  is  platform-agnostic  —  it  can  be  deployed 
with  any  operating  system,  used  with  various  e-mail  applications  and  installed  on  any 
hardware  platform,  including  appliances. 

Anti-spam  software  uses  a  multilayered  approach,  with  controls  to  stop  spam  at  the 
e-mail  gateway  the  ability  to  quarantine  messages  and  more  control  given  to  end  users. 
The  most  complete  anti-spam  software  provides  the  best  of  these  key  characteris¬ 
tics  —  effectiveness  (most  spam  stopped),  accuracy  (fewest  false  positives) 
and  zero  administration  (automated  and  timely  updates)  —  all  in  a  plat¬ 
form-agnostic  package. 

Spam  already  costs  U.S.  companies  more  than  $20  billion  per  year.  If  your 
company’s  anti-spam  product  is  underpowered  and  ineffective,  you  will  con¬ 
tribute  to  this  figure  either  through  lost  productivity  or  increased  vulnerability. 
To  obtain  the  level  of  performance  necessary  to  protect  your  company  strong 
software  must  be  the  key  component  of  your  anti-spam  solution, 
regardless  of  your  hardware  choices. 


More  online! 


Log  on  to  Network  World  Fusion  to  voice  your  opinion. 
Face-off  authors  Tim  Chiu  and  Ken  Schneider  will  add 
their  thoughts  to  the  discussion. 

DocHnder:  9921 


Chiu  is  a  senior  manager  at  Mirapoint,  an  e-mail  security  appliance 
vendor  in  Sunnyvale,  Calif.  He  can  be  reached  at  tchiu@mirapoint.com. 


Schneider  is  CTO  for  Brightmail,  an  anti-spam  software  vendor  in 
San  Francisco.  He  can  be  reached  at  cto@brightmail.com. 
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complete  coverage  of  this  year  s  Best  of  the  Tests  Finalists. 


Oculan  Corporation 

Oculan  250 

The  Oculan  250,  the  award-winning  ‘purple  box’,  is  a  network  and 
security  management  appliance  providing  enterprise-level  tools 
at  a  fraction  of  those  tools’  typical  cost  and  complexity.  Intrusion 
detection,  network/systems  management,  vulnerability  scanning, 
network  traffic  analysis  and  more.. .in  an  appliance  that  can  be 
deployed  in  as  little  as  an  hour. 

(800)  247-5080  •  www.oculan.com 


OPNET 

Making  Networks  and  Applications  Perfornr 

OPNET  Technologies,  Inc. 

IT  Guru 

IT  Guru  is  OPNET’s  flagship  product  for  making  enterprise  net¬ 
works  and  applications  perform.  OPNET  IT  Guru  solutions  include 
the  fastest  commercial  technology  for  end-to-end  application  per¬ 
formance  troubleshooting;  the  most  advanced  network  configura¬ 
tion  auditing  capability;  and  defines  state-of-the-art  for  predictive 
planning  and  analysis. 

(240)  497-3000  •  www.opnet.com 


Sprint 

PCS  VisionSM  Smart  Device  Handspring®  TreoSM  600 

The  PCS  VisionSM  Smart  Device  Treo  600  by  Handspring  is  the 
ultimate  tool  for  mobile  professionals  and  on-the-go  consumers 
who  want  to  shed  their  multiple  devices  by  combining  their  wire¬ 
less  phone,  messaging,  Palm  OS®  organizer  and  digital  camera. 

The  Treo  600  sports  a  new  candy  bar  design,  full-color  screen, 
Palm  5.2. 1HS  Operating  System,  a  backlit  QWERTY  keyboard  with 
dome-shaped  keys,  a  144MHz  ARM  9  processor,  a  VGA  quality 
camera  and  a  PCS  Phone,  helping  mobile  professionals  stay 
connected  in  style. 

(913)  794-0000  •  www.sprintpcs.com 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible.  Network  World  is  not  liable  for  errors  or  omissions. 
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Clearing  the  clutter 

Don’t  let  your  storage  rooms  get  overrun  by  obsolete  eguipment. 


■  BY  SANDRA  GITTLEN 

Vintage  printers.  Old  PCs.  Back-up  tapes 
without  the  systems  to  read  them.  Out-of- 
date  telephone  systems. 

These  were  just  a  few  of  the  items  that  Greg  Johnson 
found  stored  in  what  he  called  the  graveyard  room  at  his 
former  employer.  The  dumping  ground  was  on  the  same 
floor  as  executive  management,  who  passed  by  it  every 
day  “It  was  the  most  equipment  I  had  ever  seen  in  the 
smallest  physical  space,”  Johnson  says.'Jt  was  using  up  pre¬ 
mium  office  space.” 

“I  haven’t  worked  anywhere  since  where  I’ve  allowed  a 
graveyard  to  exist,”  he  says.  Johnson,  who  is  now  corporate 
director  of  operations  centers  at  Baylor  Healthcare  System 
in  Dallas,  has  helped  to  create  an  automated  system  with¬ 
in  the  IT  department  that  monitors  the  life  span  of  every 
piece  of  equipment. 

The  program  is  Web-based  and  displays  a  floor  plan  of 
Baylor’s  four  data  centers  with  representations  of  the  300 
systems  running  in  the  network.  Rolling  a  cursor  over  a  por¬ 
tion  of  the  floor  plan  provides  all  the  information  related  to 
the  equipment  and  software,  including  serial  numbers, 
which  is  stored  in  databases. 

Each  piece  of  equipment  brought  into  the  network  is 
given  a  birth  date  and  an  end-of-life  date  pertaining  to 
leases  or  a  typical  life  span. 


As  the  end-of-life  date  approaches  or  a  lease  is  about  to 
expire,  the  system  automatically  sends  out  an  e-mail  alert 
to  the  person  responsible  for  that  gear,  who  decides 
whether  to  renew  the  lease  or  retire  the  equipment.  When 
the  system  is  finished  in  production,  it  is  eliminated  from 
the  floor  plan  and  database. 

Johnson  says  this  forces  people  to  ask  the  question:  “Are 
we  going  to  still  use  this?”  Old  equipment  piles  up  when 
people  don’t  do  that.“They  retire  an  old  AIX  box  that’s  mar¬ 
ginal.  You  know  when  you’ve  got  something  that’s  so  old 
and  unusable  without  enough  horsepower? 

While  you  won’t  find  a  graveyard  room  at  Baylor,  Johnson 
still  has  a  storage  room  with  a  few  contents.“The  things  that 
are  in  there  are  [duplicate]  pieces  of  equipment  we  use  to 
scavenge  parts  for  stuff  that’s  still  in  production.” 

By  staying  on  top  of  the  life  span  of  the  equipment, 
Johnson  says  he  avoids  the  hassles  that  come  with  trying 
to  get  rid  of  stuff  later.  At  the  end  of  the  lease,  his  team 
trades  in  equipment  for  a  new  lease,  returns  it  for  a  cred¬ 
it  toward  training  from  the  vendor  or  buys  it  for  his  engi¬ 
neers  to  use  to  test-drive  new  applications. 

When  the  equipment  Baylor  owns  outright  reaches  the 
end  of  its  life,  Johnson  sells  some  to  resellers.  He  and  his 
team  carry  other  equipment  to  the  dumpster. 

This  idea  makes  Bill  Sadlick  cringe.  Caught  in  the  cross¬ 
fire  of  downsizing  within  the  telecom  industry  Sadlick,  a 
network  manager  at  Charles  Industries  in  Chicago,  has  200 
extra  PCs  lying  around  from  all  the  empty  offices.“We  can¬ 
nibalize  them  to  death,’ ’he  says,  making  use  of  memory  net¬ 


Spring  cleaning 


O'  w 


Professionals  recommend  starting  an  end-of-life-span 
strategy  for  your  computer  equipment  the  minute  you 
bring  it  in-house.  Here  are  some  tips: 

•  Assign  a  birth  date  and  end-of-life  date  —  when  a  lease  expires 
or  the  value  of  the  equipment  will  deteriorate  —  to  each  piece 
of  gear  you  purchase,  and  enter  that  information  into  a  database. 

•  Set  the  database  to  alert  the  manager  when  an  end-of-life  date 
is  approaching.  Leave  enough  time  to  consider  installing  new 
systems  or  renegotiating  contracts. 

•  Take  action  immediately.  Send  the  box  back  to  the  vendor, 
renegotiate  the  lease,  or  allow  your  engineers  to  use  it  for 
training  or  testing.  Don’t  just  let  it  sit  around. 

•  Take  stock  of  your  storage  room.  If  you  are  moving  equipment 
into  storage,  make  sure  you  enter  information  about  it  into  a 
manifest,  noting  what  components  are  salvageable. 

•  Make  sure  hard  drives  are  clean,  even  in  the  storage  room. That 
way  if  someone  steals  the  computer,  you  aren't  liable  for  the 
information  on  the  hard  drive. 
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work  cards  and  any  other  needed  components. 

“I  report  to  the  CFO  so  when  1  say  there’s  a  cost  element 
to  it  —  if  it’s  useful,  I  can’t  throw  it  out.  1  can’t  go  and  say 
I  need  to  buy  20  new  PCs,”  he  says.Sadlick’s  asset-tracking 
system  helps  him  get  at  least  five  years  out  of  each  PC. 

Sadlick  tries  to  keep  his  graveyard  rooms  orderly  “One 
stores  monitors,  one  stores  systems,  one  stores  software.  1 
work  for  a  manufacturing  company,  so  we  tend  to  store 
inventory?  he  says. 

Mike  Sapien,  a  consultant  for  the  datacom  industry,  says 
he  has  clients  like  this. What  the  companies  are  lacking  is  a 
clear  exit  strategy  for  their  retired  equipment.  His  theory  on 
older  equipment:“Kill  it  now  before  it  gets  too  painful.” 

“You  always  have  to  explain  to  the  financial  people  why 
you’re  throwing  something  out  —  if  it  works,  why  are  you 
replacing  it?”  Sapien  says.  But  he  adds  that  keeping  equip¬ 
ment  around  too  long  raises  other  costs,  such  as  help  desk 
and  service  calls. 

Trash  talk 

Recent  regulatory  issues  pertaining  to  privacy  and  the 
environment  have  put  a  damper  on  how  companies  get 
rid  of  their  old  equipment.  Hard  drives  must  be  wiped 
clean  so  that  data  is  not  compromised.  Computers  con¬ 
taining  hazardous  materials  cannot  be  dumped  in  land¬ 
fills.  As  a  result,  companies  are  turning  to  professional  recy¬ 
clers  to  tear  down  computers. 

“The  biggest  challenge  IT  has  is  recognizing  that  they’re 
going  to  have  to  pay  to  have  equipment  hauled  awa>? says 
Frances  O’Brien,  an  analyst  at  Gartner.  She  says  that  com¬ 
panies  should  plan  to  spend  upward  of  $30  to  $120  to  dis¬ 
pose  of  a  single  PC  —  depending  on  the  level  of  sanitiza¬ 
tion  they  want. 

“A  lot  of  times  what  happened  in  the  past,  employers  just 
said, ‘let’s  just  give  this  to  employees,’ and  since  they’re  trust¬ 
ed  employees  they  didn’t  clean  off  the  drives,”  she  says. 
“What  happens  years  later  when  the  employee  gives  up  the 
PC?” 

Aside  from  liability  there  are  other  reasons  O’Brien 
doesn’t  suggest  handing  out  retired  equipment. “It’s  labor- 
intensive,  taking  off  the  old  data,  doing  a  software  over¬ 
write,"  she  says.”What  the  person’s  left  with  is  a  PC  with  no 
operating  system  and  no  applications.”  What’s  more, 
employees  might  expect  IT  to  support  these  clunkers. 

O’Brien  says  there  has  to  be  a  shift  in  the  IT  industry  to 
look  at  product  retirement  as  an  ongoing  process.  “Don’t 
wait  till  you  fill  up  your  closet,”  she  says.  She  cites  three 
options:  Charitable  contributions,  outsourcing  and  tear 
down. 

Large  vendors  such  as  Dell,  HP  and  IBM  have  all  devel¬ 
oped  disposal  offerings  outside  of  their  new  PC  sales  and 
leasing  groups.  Also,  manufacturers  are  starting  to  take 
back  equipment,  O’Brien  says. 

She  cautions  that  this  is  not  a  free  service.“You’re  going 
to  be  paying  for  it  one  way  or  another  —  with  an  upfront 
fee  or  a  visible  recycling  fee  at  the  end,”  she  says.  St 
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UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 


•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 

•  Easy  to  expand 

(&j\  l  ran  ci 


^pP^RackView™ 

KVM  RACK  DRAWER  WTTH  KVM  SWITCH  OPTION 


800  333  9343 

WWW.ROSE.COM 


ELECTRONICS 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


.  A  KVM  switch  allows  single  or  multiple 
■  ivyorkstatiOns-to  have  local  or  remote  access  to 


-  muftiple  computers  located  in  server  rooms  or 
ori  the  desktop  regardless,  of  their  platforms 
T'i  and  operating  systems.  KVM  switches  have 
■' ttSditjohcHiy  provided  cost  savings  in  reducing 
k  :  energy  and  equipment  costs  while  freeing  up 


v valuable  real' estate. 

Recognized  as  the  pioneer  of  KVM  switch 
)r  .  technology.  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
".  known  for  their  quality,  scalability,  ease  of  use 
'and  innovative  technology. 


Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 
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Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML,  &  PDF  while  displaying  embedded 
links,  formatting  &  ffiTETfffi 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

"The  most  powerful  document  search  tool  on  the  market” 
-Wired  Magazine 


“intuitive  and  austere  ...  a  superb  search  tool”  -PC  World 


“Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials 


“A  powerful  arsenal  of  search  tools”  -The  New  York  Times 


dtSearch  “covers  all  data  sources  ...  powerful  Web-based 
engines”  -eWEEK 
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“Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 


in  the  past  two  years,  over  half  of  the  Fortune  15  purchased 
dtSearch  developer  ox  network  licenses. 


1-800-IT-FINDS 

sales@dtsearch.com 


See  www.dtsearch.com  for: 

♦  hundreds  of  developer  case  studies  &  reviews 

♦  fuliy-functional  evaluations 


dtSearch| 


dtSearch 


PUBLISH 

for  CD /DVDs 


dtSearch 


Industrial-strength.. 
dinerb"-PC  Magazine 


"Industrial-strength .. 
superb”— PC  Magazine 


It 


Industrial-strength.. 
superb"-pc  Magazine 


♦  for  Win  &  .NET 
♦  for  Linux 

♦  call  for  pricing 


Industrial-strength.. 
•;uDerb"-PC  Magazine 


Industrial-strength.. 
superb"-pc  Magazine 


♦  from  $2,500 


P  ♦  from  $800 


The  Smart  Choice  for  Text  Retrieval®  since  1991 
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SSH  or  Out-Band  Access  to 
Consoles  at  Remote  Loca  tions 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 


■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  115/230VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the  Visit  website  fOt  Complete  NetReSCh™  product  line. 

SCM-16  serial  outputs. 


(800)  854*7226  *  www.wti.com 

5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 
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Custom  Management  Levels 


Test-drive  the  new  Observer  9.0  today  and  see.  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 


OBSERVER 


Remote  &  Hardware  Options 


Decode  over  500  protocols 
Long-term  network  trending  &  analysis 
Real-time  statistics 


a  full  featured  evaluation  or  visit  our  website  at 


REMOTE  NETWORKING  PROBES 


www, networkmstruments.com/nine 


Fully  distributed 

Monitor  up  to  64  NICs  simultaneously 
New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 


What-lf  Modeling  Analysis 
Expert  Analysis 
Connection  Dynamics 


Introducing  Observer  9.0 


GIGABIT  &  WAN  HARDWARE  OPTIONS 


■  New  Application  Analysis 

■  Remote  probes  now  provide  multi-interface  and 
multi-session  support  \  r  .*•••• , 

>  Industry-first  4GB  packet  capture  buffer 

■  Wireless  Site  Survey  Modes  .  * 


•  Portable  analyzer  systems 

•  Rat  ■  -mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


OBSERVER  SUITE 


Complete  SNMP  device  management 
Supports  full  RMONl  .  RM0N2,  HCRMON 
Web  Publishing  Reports 


•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP  RMON  and  now  HCRMON  support  i 


t  n  r?  i  & » i 


One  Network  ■<£/  Complete  Control 

3  M&IM'ill  2  (53 


Wired  to  Wireless  •  LAN  to  WAN 


i,  ii 


NETWORK 


OBSERVER 


www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC  All  rights  reserved  Observer.  Network  instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  e*  Network  Instruments,  LLC. 
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io/ioo  BaseT  Ethernet 

IP  for  HTML.  SNMP  & 
Telnet  Management 


RS-232 

Serial  Management 


Link  Port 
(daisy  chains  to) 

Expansion  Module 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 


Sentry  Power  Tower. 

Equipment  Cabinet  Solutions 


Server  Technology,  Inc 


;  .  1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 
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increase  capacity  •  expand  coverage  •  maximize  performance  •  rapid  installation  •  minimize  cost 

5  reasons  why  more  and  more  companies 
are  jumping  to  Redline  Communications 


Quick  and  simple  to  deploy, 
Redline's  systems  provide  secure 
voice  and  data  connections  that  are 
completely  scalable,  cost  effective, 
and  reliable.  Redline's  technology 
significantly  reduces  recurring 


expenses  on  T1  backhaul  costs  and 
makes  it  simple  to  migrate  to  VoIP 
networks  by  combining  T1  and  IP  all 
in  one  wireless  link  -  all  backed  by 
Redline's  leading  OFDM  technolo¬ 
gy  for  robust  connectivity. 


For  more  information  visit  our  website  at 

www.redlinecommunications.com/5_reasons  or  call  us  at  1-866-633-6669 


d  Redline 

communications 


Quality  Parts. Great  Prices 


Trust  the  Experts 

jsontlnental 


Call  today  for 
10%  off  1  item  (Up  to  $500)* 

*New  customers  only. 


www.conticomp.com 
COMPUTERS  «... m.  Call  us:  (310)  416- 1200 


Save  40-70 %  on  Network  Equipme 


Refurbished  Routers,  Switches, 

Access  Servers  and  Modules. 


Trust  .Value  II 


Cabinet  Climate  Monitor  $389 


Ethernet/Web  Rack  Mounted 


Temperature 
Air  Flow 
Humidity 
Door  position 
Sound 
Light  Level 
Power 

Video  optional 
16  external  sensors 


Monitor  Multiple  Cabinets 

HTML  (no  client  needed) 
SMTP  (e-mail  alerts) 
SNMP  (MIB,  Traps) 
Graphing 
Console 


O  IT  Watchdogs 

See  it  working  at:  www.ITWatchdogs.com 

http://63.237.104.17  512-257-1462 


:in_JMi 


See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage 
Leather  goods 
Gifts 
Pens 
Clocks 
Lighters 
Games 
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Advertising  Supplement 

IT  Careers  in  Northern  California 


The  promise  from  high  tech  corporate  leaders  was 
that  the  offshore  movement  of  jobs  would  lead  to 
more  high-end  jobs  versus  a  simple  loss  of  work.  While  the 
debate  continues,  there  are  some  interesting  trends  in 
northern  California  that  point  to  a  future  that  is  shaping 
itself  differently,  but  that  includes  opportunity. 


hardware  development  to  use  of  high  tech  in  other  fields, 
has  slowed  the  job  drain  from  northern  California. 
Economic  development  leaders  say  that  20%  of  employers 
in  the  northern  portion  of  the  state  plan  to  hire  in  2004.  The 
challenge,  they  say,  will  be  to  transform  the  educational 
system  and  community  services  to  meet  the  new  opportunities. 


Among  the  trends  is  an  on-shoring  of  executive  jobs. 
Over  the  past  two  years,  a  number  of  foreign  high-tech 
firms  have  hired  CEOs  to  staff  northern  California  offices  - 
ranging  from  TakAsic,  a  French  chipset  maker, 
to  the  government  of  New  Zealand's  office 
in  Redwood  City,  known  as  Silicon 
Valley  Beachhead.  Foreign 
companies  say  that  while  they 
can  offer  services  and  produce  at 
a  lower  cost,  the  northern 
California  region  offers  them  two 
things  they  need  -  funding  and  a 
workforce  that  knows  how  to 
create  technologies. 

The  influx  of  foreign 
companies,  along  with 
a  migration  of  jobs 
from  straight 
software  and 


It's  not  the  first  time  the  northern  California 
peninsula/valley  region  has  remade  itself.  Formerly  a  haven 
for  defense  contractors,  the  area  later  turned  to 
development  of  communication  devices,  hardware  and  in 
the  1990s  software.  Today  the  region  employs  better  than 
100,000  software  developers.  Doug  Henton,  president  of 
Collaborative  Economics,  estimates  that  new  jobs  will 
develop  in  the  next  five  years  but  will  take  software 
development  into  new  areas  -  such  as  genomic  research 
and  new-age  satellite  positioning  and  communications. 

Genomic  Health  Inc.,  one  of  many  medical  high  tech 
companies  in  the  region,  was  founded  in  August  2000  to 
provide  genomic  analysis  of  tumor  biopsies.  The  company 
illustrates  the  overall  shift  in  Silicon  Valley  futures  when  it 
comes  to  jobs.  Senior  biostatisticians  need  higher-level 
statistics  degrees,  as  well  as  programming  expertise  with 
SAS  and  S+  programming.  Assay  developers,  who  will 
develop  the  trial  and  research  methodology,  need  bio  life 
sciences  experience,  but  also  experience  with  programming 
and  data  mining. 

Also  in  hiring  mode,  Lockheed  Martin  Space  Systems  in 
Sunnyvale  has  similar  job  complexity.  Software  engineers 
need  experience  in  development,  but  in  critical  design  skills 


as  well,  to  include  modeling  and  simulation.  While  Space 
Systems'  commercial  business  remains  flat,  work  on  new 
communications  networks  that  enable  security  and  defense 
are  growing.  Dozens  of  jobs  -  from  tech  support  to  high 
level  integration  -  are  listed  on  the  organization's  website. 

Karen  Strella,  principal  at  executive  search  firm  Egon 
Zehnder,  says  the  growing  pharmaceutical  and  biotech 
community  in  the  region  is  key  to  future  job  growth.  "Since 
2003  was  the  worst  year  ever,  we're  seeing  100%  growth 
this  year  in  terms  of  the  number  of  assignments  we're 
getting  as  well  as  those  of  our  competitors.  Technology  is 
the  enabler  to  moving  new  drugs  through  trials  quickly,  and 
it's  also  the  foundation  for  bioinformatics  used  in  biotech. 
IT  professionals  with  a  combination  of  tech  and  life 
sciences  understanding  are  in  high  demand.  We're  also 
seeing  a  huge  need  for  leaders  of  research  and 
development  organizations.  There's  a  very  small  universe 
of  people  who  do  this  well. 

"The  second  area  (of  demand)  that  we're  seeing  is 
commercialization  of  R&D.  The  pharma  and  biotech 
companies  are  importing  this  ability  from  software, 
commercial  and  retail  professionals." 

For  more  information  about  IT  Careers  advertising, 

please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


System  Software  Specialist  II  to 
research  and  develop  web- 
based  programming  in  such 
fields  as  electronics  data  pro¬ 
cessing,  electronic  data,  inter¬ 
change  and  information  tech, 
systems.  In  addition,  the  appli¬ 
cant  will  develop  an  Internet- 
based  Summary  Statistical 
Report,  and  plan  and  design  a 
network  security  system  for  all 
servers  in  the  department.  Use 
ASP  programming  language  to 
develop  and  maintain  integrated 
databases  systems.  Require¬ 
ments:  minimum  of  Bachelor's 
degree  in  Computer  Science, 
Management  of  Technology  or 
related  field  and  3  yrs  working 
experience  with  JAVA,  Statistical 
Package  (SPSS)  PHP,  ASP  and 
Cold  Fusion.  Must  have  strong 
statistical  background  and  Or¬ 
acle  PL/SQL.  Please  send  res¬ 
umes  to:  Educational  Technol¬ 
ogy  Unit,  Biomedical  Research 
Education  &  Training,  Vanderbilt 
University,  340  Light  Hall, 
Nashville,  TN  37232-0301. 
Reference:  SSSII 


SYSTEMS  SUPPORT 
ANALYST 

Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Software  Support 
Analyst  for  Atlanta,  GA  location. 
Must  have  a  Bachelor’s  degree 
or  foreign  degree  equivalent  in 
Computer  Science,  Information 
Systems,  or  related  field  plus  4 
years  of  experience  in  the  posi¬ 
tion  offered  or  4  years  of  experi¬ 
ence  in  Database  administration 
and  network  troubleshooting. 
Salary  and  benefits  commensu¬ 
rate  with  experience.  Send 
resume  to:  Sheri  Mattison, 
Employment  Manager,  Witness 
Systems,  Inc.  300  Colonial 
Center  Parkway,  Roswell,  GA 
30076. 


Software  Test  Engineer  II,  Color¬ 
ado  Springs,  CO  area:  Tests  and 
evaluates  multiple  features  and / 
or  functionality  within  a  wide 
range  of  complexity;  Uses 
established  quality  standards  to 
verify  functionality  and  usability 
of  assigned  areas  throughout 
the  development  cycle:  Creates 
and  updates  test  documenta¬ 
tion,  automated  test  scripts,  and 
test  environments  to  ensure 
effective  and  adequate  test  cov¬ 
erage.  Annual  salary  $68,805. 
Requirements:  Bachelors  of  sci¬ 
ence  or  foreign  equivalent  in 
Computer  Science,  Engineering, 
Information  Systems  Manage¬ 
ment  or  a  related  field.  Four 
years  of  experience  with  at  least 
a  minimum  of  two  years  of  local¬ 
ization  experience.  Thorough 
understanding  of  MicrosoftWin- 
dows  NT  system  required.  Must 
also  be  able  to  work  with  at  least 
one  out  of  the  following  systems: 
Peoplesoft,  Oracle  Financials  or 
JD  Edwards.  Mail  Resumes  to 
Workforce  Development  Pro¬ 
grams,  P.O.  Box  46547,  Denver, 
CO,  80202,  and  refer  to  order 
number  C05069030.  Applica¬ 
tion  is  by  resume  only. 


Analyst/Project  Programmer 

The  Medical  College  of  Wiscon¬ 
sin  is  seeking  Analyst/Project 
Programmers  The  Analyst/Pro¬ 
ject  Programmer  is  responsible 
for  working  with  project  scien¬ 
tists  and  other  project  collabora¬ 
tors  to  design,  develop,  imple¬ 
ment,  and  provide  maintenance 
support  for  web  database  appli¬ 
cations  for  biological  and  med¬ 
ical  scientific  research.  Qualified 
candidates  must  possess  a 
Master's  degree  in  Mathematics, 
Computer  Science,  Computing 
(with  a  background  in  biological 
science),  or  Biological  Science 
(with  a  strong  background  in 
computers).  Interested  appli¬ 
cants  please  provide  a  resume 
and  a  cover  letter  with  salary 
requirements  to:  Medical 
College  of  Wisconsin,  Attn: 
Employment  Office-JMC0301, 
8701  Watertown  Plank  Rd., 
Milwaukee.  Wl  53226,  Fax: 
414-456-6502. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Senior  Scientific  Pro¬ 
grammer.  Design  and  develop 
scientific  programming  applica¬ 
tions  using  logical  and  mathe¬ 
matical  solutions  in  support  of 
operations  research.  Require¬ 
ments:  Bachelor's  degree  or 
equivalent*  in  computer  science, 
operations  research,  engineer¬ 
ing  or  related  field,  plus  2  years 
of  experience  in  programming  in 
a  scientific  environment.  Edu¬ 
cation  must  have  included 
coursework  in  operations  re¬ 
search.  management  science  or 
related  field.  Education  and /  or 
experience  with  development  of: 
relational  databases  in  MySQL; 
web  applications  using  Perl/CGI; 
and  object-oriented  applications 
using  Visual  C++  with  STL  also 
required.  ’Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Michael 
Umlauf,  Federal  Express 
Corporation.  3680  Hacks  Cross 
Road.  H-2220,  Memphis,  TN 
38125.  EOE  M/F/D/V. 


Finance  Programmer 

Develop  and  program  financial 
related  IT  projects,  analyze 
existing  financial  systems  to 
identify  conversion,  technical 
requirements,  and  create  in- 
house/clients  reports.  Writes 
complex  SQL  scripts  to  perform 
financial  analysis  and  creates 
adhoc  financial  reports  using 
finance  related  computer  appli¬ 
cations.  Master  degree  in  Com¬ 
puter  Info.Sys.  or  a  related  field 
and  proficiency  in  Active  report, 
eBackoffice,  FRx.  The  position 
also  requires  strong  background 
in  database  manipulation  and 
programming.  40hrs/wk.  Send 
resume  to  Mrs.  Ginna  Teachout, 
VP,  HR,  Infinisource,  Inc.  15  E. 
Washington  St..  Coldwater,  Ml 
49036. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Senior  Operations  Re¬ 
search  Analyst.  Using  opera¬ 
tions  research  methods,  analyze 
broad  and  complex  corporate 
problems/projects.  Requiremen¬ 
ts:  master's  degree"  or  equiva¬ 
lent  in  operations  research,  ap¬ 
plied  mathematics,  engineering 
or  other  quantitative  field  plus  4 
years  of  experience  in  systems 
analysis,  engineering,  applied 
mathematics  or  related  field.  Ex¬ 
perience  with:  developing  algo¬ 
rithms  using  either  C/C++,  Java 
or  CPLEX;  researching  and  de¬ 
veloping  optimization-based  and 
heuristic  models  for  large-scale 
network  problems;  and  statisti¬ 
cal  modeling  and  data  analysis 
using  statistical  software  also 
required.  *Ph.D.  in  appropriate 
field  will  offset  3  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Michael  Umlauf,  Federal 
Express  Corporation,  3680 
Hacks  Cross  Road,  H-2220, 
Memphis.  TN  38125.  EOE 
M/F/D/V. 


MetaCom  Computer  Business 
Development,  specializes  in  pro¬ 
viding  robust,  innovative,  cost 
and  time  efficient  computing, 
technological,  and  software 
solutions  to  IT  industry.  We  are 
looking  for  the  following: 

Systems  Analysts:  Design,  de¬ 
velop  and  test  sales  processing 
system,  functionality,  web  appli¬ 
cation  development,  web  re¬ 
ports,  database  operations  with 
stored  procedures  Design  pro¬ 
grams  in  asp.net,  windows  ap¬ 
plication,  web  service  and  win¬ 
dows  service  using  .NET  Frame¬ 
work.  Windows  2000,  C#, 

VB.NET,  ASP.NET,  XML,  Crystal 
Report  9.0,  MSMQ,  MS  SQL 
Server  2000,  Oracle  9i  and 
Oracle  9i  Lite.  Need  Bachelor 
Degree  in  Computer  Science  or 
related  and  2  years  of  experi¬ 
ence  Send  resume  to:  HR, 
10333  Harwin  Dr.  #540 
Houston,  TX  77036.  Email: 
christan727@  yahoo.com 


Senior  Application  Engineers 
needed.  Seeking  qual.  candi¬ 
dates  possessing  BS  or  equiv. 
as  determined  by  properly  eval¬ 
uated  credentials  in  Electronics, 
Engg.,  Comp.  Sci.  or  related.  & 
1  year  of  work  exp  in  the  job 
offered  or  as  an  Engg.  profes¬ 
sional.  Job  Duties:  Develop  & 
implement  Oracle  financial  & 
manufacturing  app.;  implement 
data  conversions  using  Oracle 
open  interfaces.  Write  Oracle 
standard  CV40;  Transfer  human 
resource  data  to  new  systems 
using  Oracle  migration  process¬ 
ing;  Travel  to  set  up  systems, 
interact  w /  clients,  &  train  users 
at  various  locations  for  different 
short  &  long  term  projects;  Work 
w /  Oracle,  SQL  Loader,  SUN, 
Dream  Weaver,  &  Unix.  9am- 
5pm.  M-F.  $82.000/yr.  Direct 
resumes  to:  Job  Number 
202757,  Delaware  Dept  of 
Labor,  Division  of  Employment  & 
Training,  ALCU.  4425  N.  Market 
St„  P.O.  Box  9828.  Wilmington, 
DE  19809. 


NETWORK  ADMINISTRATOR 
Provides  technical  support  to 
computerized  LAN  and  WAN 
systems/network  functions  for  2 
mfg.  facilities.  Monitors,  tests, 
troubleshoots,  maintains  soft¬ 
ware/hardware.  Reviews,  evalu¬ 
ates,  documents  computer  net¬ 
work  system.  Installs,  supports, 
upgrades  operating  systems  for 
servers,  desk  top  PC's,  printer 
servers.  Responsible  for  data/ 
systems  backup  of  chromatog¬ 
raphy  workstations,  computers, 
network  servers.  Implements 
security  policies.  Provides  end 
user  support  for  all  network- 
based  applications.  Conducts 
audits  of  lab  equipment. 

BS  Computer  Science/Comput¬ 
er  Eng;  prof,  in  Visual  Basic, 
JAVA,  Visual  C++.  7:00am- 
5:30pm  M-F.  NO  travel  exp/mov¬ 
ing  costs.  Submit  resumes  to 
Pharmaceutical  Associates,  Inc 
ATT:  Ann  Moore,  201  Delaware 
St.  Greenville.  SC  29605. 


Manhattan  Associates,  Inc.,  a 
worldwide  leader  in  supply  chain 
execution  systems  is  looking  for 
IT  professionals  for  our  Atlanta, 
GA  &  Burlington.  MA  locations. 
Analysts:Design,  develop,  code, 
test,  debug  &  implement  internet 
enabled  distributed  apps  using 
OO  techn,  CORBA,  &  COM  on 
Windows  or  Unix  Platform. 
Travel  30%+.  Req.  BS  eng  &  1+ 
yr  exp  software  app.  C++  serv¬ 
er:  1+yr,  and  knowledge  web 
techno.  (Javascript  or  XML). 
U!:1+yr  COM  &  VB/VC++  & 
HTML,  Javascript  &  XML. 
DBA/Developer.  DB2  &  Oracle, 
analyze  data  mod.  &  DB  struc¬ 
ture.  implement  software/sup¬ 
port  DB  on  var.  platforms.  Req. 
BS  tech  field  (eng.,  cs  or  appl 
math)  &  2+yrs  DB  admin. 
w/DB2,  Oracle  9i,  SQL  & 
PL/SQL.  Perm  workers  only. 
Resumes  to:J.  Lurey.  Manhattan 
Associates,  2300  Windy  Ridge 
Pkwy,  7th  FI.  North,  Atlanta.  GA 
30339. 


DATABASE  ADMINISTRATOR: 
Coordinate  and  arrange  the  pur¬ 
chase  and  installation  of  comput¬ 
er  hardware  and  software. 
Design  develop,  maintain  and 
test  software  program  keeping  in 
view  business  reports  Analyze, 
review,  and  validate  systems 
upgrades  Manage  and  provide 
technical  support  to  users,  and 
prepare  documentation  of  the 
program  development  and  use. 
Monitor  and  Audit  the  information 
generated  to  amend  the  system 
To  correct  any  problems  encoun¬ 
tered  with  its  functioning.  On  call 
for  Financial  Data  back  up  and 
troubleshoot  including  but  not  lim¬ 
ited  to  recovery  of  archives,  oper¬ 
ating  system  and  applications 
software.  Must  be  HS  Graduate 
and  must  have  2yrs  Exp.  in  job 
ottered,  Job  is  in  Ft. Lauderdale, 
40hrs/wk;  9:00am-6:00pm  M-F. 
Please  mail  resume  it  MA  SID- 
DiQ  CORP  at  1250  SW  27  AVE. 
RIVER  LANE,  l-'T.LAUDERDALE, 
FL.  33312. 
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Omnisoft,  Inc.,  is  a  global  IT  sys¬ 
tems  integration  and  solutions 
firm  has  openings  for  the  follow¬ 
ing:  Software  Engineers:  Res¬ 
earch,  design,  develop,  analyze, 
test,  and  recommend  software 
requirements  for  E-commerce 
database  applications  as  well  as 
develop  and  perform  database 
maintenance  for  automobile  and 
insurance  industry  clients.  Use 
object-oriented  programming  us¬ 
ing  Oracle,  Java,  Perl,  XML, 
Solaris,  Web  logic,  C++  and  cur¬ 
rent  Web  Technologies  in  Win¬ 
dows.  Unix,  and  Linux  environ¬ 
ments.  Need  Bachelor's  Degree 
in  Computer  Science  or  related 
and  2  years  of  experience.  Pro¬ 
grammer  Analysts:  Design  and 
develop  Enterprise  Resource 
Planning,  Customer  Relationship 
Management,  ASP,  Dataware- 
house  applications.  Use  current 
web  technologies,  web  services, 
Stored  procedures  and  SQL. 
Work  in  Unix  Environment  and 
Unix  Schell  Scripting.  Need  2 
years  of  experience  in  relevant 
field.  Send  resume  to:  HR 
Manager,  Omnisoft,  Inc.,  2215 
W.  Russell  Ave.,  Sioux  Falls,  SD 
57104  or  via  e-mail  at: 
hr@omnisoftinc.net 


Sr.  Software  Engineer  sought  by 
network  security  device  manu¬ 
facturer  in  Broomfield,  CO  to 
work  in  Broomfield  and  other 
unanticipated  job  sites  in  the 
U  S.  to  engage  in  full  life  cycle 
development  of  system  security 
software  products,  for  high-end, 
fault-tolerant  data  communica¬ 
tions  networks  that  utilize 
TCP/IP  protocol,  routers,  switch¬ 
es  and  Checkpoint  Firewall-1. 
Integrate  Firewall-1  internals 
into  software  products  utilizing 
C/C++  on  UNIX  platform. 
Analyze  requirements,  code, 
test  and  debug  the  software. 
Engages  in  project  management 
as  required.  Requires  bachelor's 
or  foreign  equivalent  in  comput¬ 
er  science;  2  yrs  exp.  in  software 
development  utilizing  TCP/IP, 
Checkpoint  Firewall-1,  C/C++  on 
Unix  platform.  M-F;  8am-5pm; 
$106,000/yr.  Respond  by 
resume  to  Employment 
Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  CO5068582. 


Director  of  Engineering  sought 
by  internet  media  infrastructure 
company  in  Boulder,  CO  to  over¬ 
see  the  work  of  three  technical 
leads  who  are  designing  and 
developing  a  platform  to  be  used 
in  a  Web  environment  that  will 
enable  an  interactive  near-tv 
quality  experience  on  the 
Internet.  Design  and  develop 
multi-media  software  applica¬ 
tions  using  C++,  HTML,  IP  and 
Internet  technologies,  Realtime 
graphics  and  multi-media  pro¬ 
gramming  and  technologies, 
and  video  and  computer  graph¬ 
ics  subsystems.  Development 
of  this  multi-media  platform  also 
uses  MFC,  open  GL,  Direct  X, 
COM,  and  ATL.  Requires  1  yr 
exp  designing  and  developing 
multi-media  software  applica¬ 
tions;  working  knowledge  of 
C++,  HTML,  IP  and  Internet 
technologies,  realtime  graphics 
and  multi-media  programming 
and  technologies;  M-F;  8am- 
5pm;$63,000/yr.  Respond  by 
resume  to  Employment 
Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  C05068301. 


Computer  System  Analyst  to 
conduct  organizational  studies, 
and  analyze  user  requirements, 
procedures  and  problems  to  au¬ 
tomate  or  improve  existing  sys¬ 
tems  and  review  integrated  da¬ 
tabase  system  capabilities.  Pre¬ 
pare  the  statistics  data  and  pre¬ 
sentation  for  training  grant  sup¬ 
port.  Prepare  and  collect  the  sta¬ 
tistical  billing  data  for  the  Educa¬ 
tional  Technology  research. 
Conduct  quantitative  analyses  of 
information  affecting  the  strate¬ 
gic  plan.  Requirements:  mini¬ 
mum  of  Master's  degree  in  Com¬ 
puter  Science,  Management  of 
Technology  or  related  field.  Must 
have  strong  Applied  Statistics 
background  and  Cold  Fusion, 
ASP  and  PHP  programming  lan¬ 
guages.  Please  send  resumes 
to:  Educational  Technology  Unit, 
Biomedical  Research  Education 
&  Training,  Vanderbilt  University, 
340  Light  Hall,  Nashville,  TN 
37232-0301.  Reference:  CSA 


Computer  Professionals 

(Multiple  Openings) 

Software  Engineer/Systems 
Analyst/Database  Adminis¬ 
trator/Network  Administrator 
Casper,  WY. 

Must  have  bachelors  degree 
or  equivalent  and  experience 
in  some  of  the  following  skills: 

C/C++,  Java,  Web  Methods, 
Cold  Fusion,  Microsoft  Technol¬ 
ogies  (Visual  Basic,  .NET,  ASP) 
CRM  (Siebel,  Clarify,  Vantive), 
Middle  Ware  Technologies  (Or- 
bix,  Corba,  Tibco,  Vitria)  Data 
Ware  Housing  Tools  (Informati- 
ca,  Data  Stage,  Abinitio,  Busin¬ 
ess  Objects,  Cognos,  Micro 
Strategy,  Brio)  ERP  (SAP, 
People  Soft,  Oracle  Apps, 
Baan),  Mainframe  (Cobol,  CICS, 
JCL,  VSAM)  AS400,  Ecom- 
merce,  Databases  (SQL  Server/ 
Oracle/DB2/Sybase),  Microsoft 
Windows(95/98/NT/2000,Excha 
nge),  UNIX  (Sun  Solaris,  HP, 
AIX),  Linux  and  QA  (Win  Run¬ 
ner,  Load  Runner,  Silk,  Quick- 
pro,  Manual  Testing). 

Must  be  willing  to  travel  and/ 
or  relocate  to  various  places 
in  the  United  States.  Mail  your 
resume  to: 

Human  Resource  Director 
AMSOL,  Inc. 

2510  E.  15th  Street,  Suite  #  5 
Casper,  WY  82609-4111 


Software  Engineer.  Sought  by 
Englewood  Colorado  consulting 
company  to  work  in  various  un¬ 
anticipated  locations  throughout 
the  U.S.  Duties:  Develop,  create 
and  modify  general  computer 
applications  software  or  special¬ 
ized  utility  programs,  including 
financial  and  business  applica¬ 
tions.  Analyze  user  needs  and 
develop  software  solutions.  De¬ 
sign  software  or  customize  soft¬ 
ware  for  client  use  with  the  aim 
of  optimizing  operational  effi¬ 
ciency.  Analyze  and  design  da¬ 
tabases  within  an  application 
area.  Use  of  COBOL/COBOL  II, 
VSAM,  DB2,  CICS  and  JCL. 
Reqs.  Bachelor  or  equivalent  in 
Computer  Science  or  related 
field.  Plus  2  years  in  the  job 
offered  or  2  years  in  a  related 
occupation,  including  Program¬ 
mer  Analyst,  Systems  Analyst  or 
Consultant.  Will  accept  2  years 
college  education  and  6  years 
related  experience  in  lieu  of 
required  education  and  experi¬ 
ence.  $81, 000/year,  40/hrs/wk, 
8AM-5PM.  Respond  by  resume 
to  WORKFORCE  DEVELOP¬ 
MENT  PROGRAMS,  PO  Box 
46547,  Denver,  CO  80202,  and 
refer  to  Job  Order  No. 
CO5068348. 


COMPUTER 

Siebel  Systems,  Inc.  has 
employment  opportunities 
for  Tech  Instructors  in 
Alpharetta,  GA.  Education 
and  experience  require¬ 
ments  vary.  Apply  online  at 
http://www.siebel.com/adres 
ume  or  forward  your  resume 
referencing  Job#  2521  to: 
Siebel  Systems,  Inc.  Attn: 
Corporate  Recruiting,  2207 
Bridgepointe  Parkway,  San 
Mateo,  CA  94404.  EEOE 


Business  Management  Systs 
Consultant,  Atlanta  &  various 
sites  in  US:  consult  w /  &  deter¬ 
mine  management  systems 
needs  &  problems  for  corp. 
clients;  recommend  new  or 
revised  technology  to  manage 
business  operations;  coordinate 
implementation,  maintenance, 
upgrade,  support  of  system, 
training  of  users  &  documenta¬ 
tion;  ensure  quality  customiza¬ 
tion  done  w/in  budget,  time  con¬ 
straints;  Req:  Bach  Degree  in 
Bus  Admin,  MIS  or  BIS  or  relat¬ 
ed  +  2  yrs  in  job  offered  or  as 
Management  Consultant  -  cor¬ 
porate  management  consulting. 
Mail  resume  to  Netlink,  7306 
Roswell  Rd,  #  6,  Atlanta,  GA 
30328. 


Computer  Security  Analyst 
sought  by  network  security 
device  manufacturer  in 
Broomfield,  CO  to  work  in 
Broomfield  and  other  unantici¬ 
pated  job  sites  in  the  U.S.  to 
monitor  actual  and  attempted 
access  to  computer  networks  in 
computer  security  operations 
center.  Monitor  and  implement 
security  measures  to  safeguard 
information  in  computer  system 
networks  to  protect  against  acci¬ 
dental  or  unauthorized  modifica¬ 
tion,  destruction,  or  disclosure. 
Receive  telephone  calls  from 
users  having  computer  system 
security  problems  on  computer 
security  operations  help 
desk/response  team,  answer 
questions,  applying  knowledge 
of  computer  software,  network¬ 
ing,  hardware,  and  procedures. 
Utilize  tools  such  as  firewalls, 
virtual  private  networks  and 
security  intrusion  detections  sys¬ 
tems.  Monitor  and  modify  secu¬ 
rity  parameters  remotely, 
respond  to  fault  alarms.  Talk  to 
internal  and  external  computer 
security  organizations  to  recom¬ 
mend  changes  to  programs. 
Requires  2  yrs  exp.  on  help 
desk/response  team  answering 
questions,  applying  knowledge 
of  computer  software,  network¬ 
ing,  hardware  and  procedures; 
working  knowledge  of  firewalls, 
virtual  private  networks  and 
security  intrusion  detection  sys¬ 
tems.  M-F;  8am-5pm;  $85,000/ 
yr.  Respond  by  resume  to 
Employment  Programs,  PO  Box 
46547,  Denver,  CO  80202  and 
respond  to  JON  CO5068599. 


WEB  DEVELOPMENT 
ANALYST  III 

ADT  Security  Services,  Inc.  has 
multiple  openings  in  Boca 
Raton,  Florida  for  Web  Develop¬ 
ment  Analysts  III. 

Analyze  business  procedures 
and  problems  to  develop  specifi¬ 
cations  and  convert  them  to  pro¬ 
grammable  form  for  electronic 
data  processing.  Confer  with 
organizational  units  involved  to 
determine  specific  web  output 
requirements.  Study  existing 
data  systems  to  evaluate  effec¬ 
tiveness  and  develop  new,  or 
modify  current,  web  systems  to 
improve  production  workflow. 

Must  possess  at  least  a  bache¬ 
lor's  or  its  equivalent  in  Com¬ 
puter  Science  or  a  related  field, 
and  relevant  work  experience. 
Experience  must  include  J2EE 
Certification  (Sun  Microsystems, 
etc.);  web  development  experi¬ 
ence,  including  Electronic  Data 
Interchange  (EDI);  and  experi¬ 
ence  with  Oracle,  SQL, 
WebSphere  Administration  and 
XSLT. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  WDA/SSS  or  it  will  be 
rejected. 

Forward  resume  to  Theresa 
Maia,  ADT  Security  Services, 
Inc.,  One  Town  Center  Road, 
Boca  Raton,  FL  33486. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis/Collierville,  TN:  Senior 
Technical  Analyst.  Research, 
evaluate,  implement  and  coordi¬ 
nate  changes  to  computer  sys¬ 
tems/applications.  Require¬ 
ments:  Bachelor's  degree*  or 
equivalent  in  computer  science, 
math,  engineering  or  related 
field  plus  5  years  of  experience 
in  systems/applications  develop¬ 
ment,  including  programming. 
Experience  with  Java,  Jkarta 
Struts  architecture  and  Web- 
Logic  application  server  technol¬ 
ogy  also  required.  "Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Submit  resumes  to  Sibi 
George,  FedEx  Corporate  Ser¬ 
vices.  1900  Summit  Tower  Blvd., 
Suite  1400,  Orlando,  FL  32810. 
EOE  M/F/D/V. 


STAFF  IS  ANALYST/ 
ORACLE  DB  ADMIN. 

Resp.  for  the  installation,  config. 
&  maintenance  of  proprietary 
Oracle  dbase  mgmt  sys. 
Specific  duties  inch  (i)  analyzing, 
planning,  dsgng,  dvlpng.  implm- 
ntng  &  documenting  complex 
info,  technology  projects;  (ii) 
coordinating  Oracle  dbase  plan¬ 
ning,  capacity  planning  &  Oracle 
related  stndrds;  (iii)  validating 
project  plans  &  activities  to 
ensure  successful  implementa¬ 
tion;  (iv)  solving  complex  info, 
technology  problems  &  provid¬ 
ing  effective  solutions;  (v)  incor¬ 
porating  approved  changes  & 
new  technologies  into  existing 
systems  &  services;  (vi)  prepar¬ 
ing  &  tracking  project  implemen¬ 
tation  plans,  incl.  project 
cost/benefit  analysis;  (vii) 
debugging  Oracle  coding;  &  (viii) 
participating  in  Quality  Imp¬ 
rovement  Process.  B.S.  in 
Science-related  field  reqd  +  2 
yrs  exp.  in  position  offered  or  as 
a  Dbase  or  Sys.  Admin.  Exp. 
must  incl.  installation,  mainte¬ 
nance  &  service  of  Oracle- 
based  dbases  in  UNIX  &  NT 
platforms  utilizing  Oracle  7,  8,  9i, 
Vis.  Basic,  OEM  &  shell  scripts 
computer  tools.  40  hrs/wk,  OT 
as  reqd,  8  am  -  5  pm, 
$92,500/yr.  Qualified  applicants 
submit  resumes  to:  Site 
Manager,  Beaver  County 
CareerLink,  2103  Ninth  Avenue, 
Beaver  Falls,  PA  15010-3957. 
Please  refer  to  Job  Order  No. 
WEB  393791. 


Sr.  Computer  Security  Engineer 
sought  by  network  security 
device  manufacturer  in 
Broomfield,  CO  to  work  in 
Broomfield  and  other  unantici¬ 
pated  job  sites  in  the  U.S.  to,  at 
a  senior  level,  research,  evalu¬ 
ate,  recommend  and  implement 
high-end,  fault-tolerant  data 
communications  networks  that 
utilize  TCP/IP  protocol,  routers, 
switches  and  Checkpoint  fire¬ 
walls.  Develop  procedures  for 
installation,  use,  and  problem 
solving  of  data  communications 
networks,  addressing  customer 
requirements  and  security 
issues.  Assist  users  to  identify 
and  solve  data  communication 
problems.  Oversee  installation 
of  data  communication  and  net¬ 
working  hardware.  Engage  in 
project  management  as 
required.  Requires  master's  or 
foreign  equivalent  in  computer 
science  or  related  field  including 
telecommunications  engineer¬ 
ing;  1  yr  exp  implementing  high- 
end,  fault  tolerant  data  commu¬ 
nications  networks  that  utilize 
TCP/IP  protocol,  routers,  switch¬ 
es  and  checkpoint  firewalls; 
CCSE  and  MCSE  certifications. 
M-F;8am-5pm;  $108,000/yr. 
Respond  by  resume  to  Employ¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  CO5068585. 


Network  Eng  to  design,  install,  & 
maintain  computer  networks 
using  Foundry,  Serverlron  XL 
switches,  Cisco  2500,  4000  & 
7200  router,  Cisco  2950/3550  & 
HP  Procurve  switches,  Cisco 
PIX  515,  Sangoma  Tl  cards, 
Netscreen,  TCP/IP,  Subnetting, 
DNS,  SNMP,  GP4,  RIP,  OSPF, 
SMTP,  DHCP  on  Linux,  Sun  & 
Win.  Platforms;  consulting  on 
network  design/  arch.;  network 
security  through  firewalls/  IDS; 
administer  email  servers  in  MS 
Xchange  &  qmail;  disaster 
recovery;  troubleshoot  servers 
on  various  operating  sys.; 
design  high  availability  clusters 
on  diff.  platforms  for  provide 
max.  uptime.  Comp  Salary.  BS 
in  Electronics  Eng.  Or  equiv.  +  2 
yrs.  exp.  in  job  duties.  Apply  to 
Vertex  Soft,  Inc.,  2  Lavender 
Drive,  Princeton,  NJ  08540  with 
proof  of  perm.  Work  authzn. 
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Programmr/SW  Enginrs/ 
Analysts  needed.  Candi¬ 
dates  to  possess  MS/BS  or 
equivlt  and/or  relevt  work 
exp.  Work  with  some  of  the 
following:  Visual  basic, 
ASP,  VB  Script,  Java, 
Javascript,  XML.XSL,  Cold 
Fusion,  MS  Project,  JDBC. 
Must  be  willing  to  travel 
and  relocate  as  requ'd.  Fax 
resume  to:  Gebbs  Soft¬ 
ware  International;  Fax: 
201-227-2060,  Attn  HR 
Dept. 


Software  Engineer,  Framing¬ 
ham,  MA;  Analyze,  design, 
develop,  test  and  customize 
client/server  architecture  using 
Oracle,  VAJ,  DB2,  JDBC, 
WAS,  Silkperformerv,  Team- 
site,  XML,  IBM  Directory  Ser¬ 
ver  and  Java.  Provide  Technic¬ 
al  support.  Req'd.  Bachelors  in 
Computer  Science  or  Engin¬ 
eering  or  Math.  1  yr.  exp.  in  job 
offered.  40  hrs/wk,  9:00am- 
6:00pm,  Mon-Fri,  $65,000/yr. 
Mon-Fri.  Submit  two  (2)  copies 
of  resumes  in  response  to: 
Case  #200203583,  Division  of 
Career  Services,  Labor  Certifi¬ 
cation  Unit,  19  Staniford  St., 
1st  FI.,  Boston,  MA  02114. 


Software  Engineer,  TX  and  at 
various  client  sites  in  US: 
Perform  analysis,  design,  devel¬ 
opment,  deployment  of  web 
based  applications  with 
JAVA/J2EE  architecture;  provide 
E-commerce  solutions.  Use 
JAVA,  EJB,  JSP,  SERVLETS, 
XML,  XSLT,  JAXP,  LDAP,  Java 
Script  &  DHTML.  Develop  client 
side  &  Intranet  applications. 
Req:  Bachelors  in  Computer 
Science  or  related  +  2  yrs  in  job 
or  2  yrs  as  Programmer  Analyst 
for  web-based  applications.  Mail 
resume  to  HR,  Database 
Resources,  Inc.,  5700  Glenview 
Ln„  The  Colony.  TX  75056. 


Amtex  provides  high-quality 
end-to-end  software  solutions. 
We  need  IT  professionals  to 
develop  software  system,  write 
SQR  to  load  data  from  legacy 
system  to  PeopleSoft;  use 
PeopleSoft  Financials  (GL,  AR, 
AM,  AP),  Oracle,  SQR.  Cobol, 
SQL.  Contact: 

info@amtexsystems.com.  EOE. 

Programmer/System  Analysts, 
Software/Project  Engineers 
wanted  by  Atserv,  Inc.  Minimum 
requirement  is  BS  plus  experi¬ 
ence  using  Oracle,  Visual  Age. 
Visual  InterDev.  Position  is  long 
term.  We  sponsor  H  &  green 
card.  Competitive  wage  plus 
benefits.  Apply  at: 
murali@atserv.com.  EOE. 


IT  Professionals  needed. 
Bristol,  PA  company  is  seek¬ 
ing  qualified  candidates  for 
several  senior  and  mid-level 
postions  including:  Software 
Engineers,  Programmer  Ana¬ 
lysts,  IT  Business  Managers. 
Requires  MS/BS  or  equiva¬ 
lent  and/or  rel.  work  exp. 
Email  res.,  ref.  &  sal.  req.  to: 
resume@suryasys.com 


Senior  Software  Engineer 
sought  in  Boston,  Massa¬ 
chusetts  area  for  development 
of  internet  based  software  for 
financial  and  administrative 
functions  of  healthcare  organi¬ 
zations.  Requirements  are 
Bachelor's  degree  in  engineer¬ 
ing  or  the  equivalent,  and  two 
years  experience  in  VB/ 
VBScript,  Java/JavaScript,  SQL 
Server,  System  Domain  admin¬ 
istration,  HTML/XML,  relational 
databases,  IIS,  networking, 
client/server,  Nt4. 0/2000,  and 
Microsoft  development  tools. 
Send  applications  to  Rec¬ 
ruitment,  Req.  No.  2083,  P.O. 
Box  1070,  Burlington,  Vermont 
05402-1070. 


SOFTWARE  DEVELOP¬ 
ER  wanted  by  remote 
monitoring  system  co.  in 
Houston,  TX.  Must  pos¬ 
sess  degree  &  exp. 
Respond  by  resume  only 
to:  HR  Dept.,  M/A- #10,  V 
Monitor,  Inc.,  10000  Old 
Katy  Rd.,  Suite  100B, 
Houston,  TX  77055. 


Web/Database  Application 
Developer.  Create,  maintain, 
and  support  Web/Database 
applications.  Develop  and  main¬ 
tain  online  store  program. 
Design,  develop  and  maintain 
company  website.  Bachelor's 
degree  in  computer  science  or  in 
electrical  engineering  and  two 
years  related  experience.  Send 
resume  to  Chang-Sheng,  Inc., 
HR  Dept.,  10641  Harwin  Drive, 
Suite  502,  Houston,  TX  77036. 


COMPUTER  SOFTWARE 
ENGINEER  for  North 
Bergen  based  telecommu¬ 
nications  co.  to  develop, 
create  and  modify  applica¬ 
tions  software  and  special¬ 
ized  utility  programs.  Min. 
req.  BA  +  4  yrs.  exp.  in 
telecommunications  indus¬ 
try.  Send  resumes  to  Tele 
Express  Telecommunica¬ 
tions  XII,  7800  River  Road, 
North  Bergen,  NJ  07047. 


Senior  Developer  to  work  w/ 
PM4CICS  in  Tampa,  FL.to  lead 
software  development  team  in 
analysis/research  of  info  to 
oversee,  coordinate  produc¬ 
tion,  analysis,  design,  testing, 
training  of  computer  software 
developed  in  Assembler,  Co¬ 
bol,  C++  and  Rexx  on  IBM 
mainframes,  incl.  CICS  exits 
f/enhancing  product  functionali¬ 
ty,  Req.  B.S.  in  comp  sci,  info 
sys  or  rel  field,  (or  equiv  based 
on  educ  and/or  exp)  +  5  yrs  exp 
in  job  offered  or  5  yrs  system 
programming  exp  w /  CICS 
Transaction  Server/CICS  relat¬ 
ed  software.  Resumes  to:  C. 
Longworth,  CommerceQuest, 
Inc., 2202  N  West  Shore  Blvd., 
Suite  600,  Tampa.  FL,  33607. 


Seeking  DBAs  &  Oracle 
DBAs  (S70-75K),  Oracle 
ProC  Developers  & 
Systems  Analysts  ($84- 
86K)  for  various  US 
locations.  BS/BA  in  rele¬ 
vant  field  +  2yrs  exp. 
Resume  to  Upp  Bus¬ 
iness  Systems,  3075 
Highland  Parkway, 
Downers  Grove,  IL 
60515. 


Computers  -  Programmer 
Analysts  needed.  Seeking  qual. 
candidates  possessing  MS  or 
equiv.  and/or  relevant  work  exp. 
Part  of  the  req.  relevant  exp. 
must  include  1  year  working  with 
Tuxedo  &  Tibco.  Duties  include: 
Design,  develop  &  maintain  soft¬ 
ware  systems  according  to  client 
specifications;  Design  &  develop 
code  instrumentation  framework 
for  online  monitoring  of  OLTP 
system;  Work  with  C/C++,  Java, 
Unix,  Informix,  MQ,  Tibco  & 
DB2.  Mail  resume  &  ref.  to: 
Object  Solutions,  Inc.,  Attn:  HR, 
3025  Harbor  Lane,  #312, 
Plymouth,  MN  55447-5119. 


Computer  Operations  Manager  - 
Hallandale,  FL.  Plan,  evaluate, 
develop  and  implement  cus¬ 
tomer  service  and  Call  Center 
projects  to  companies  interested 
in  the  Hispanic  and  Latin 
American  market.  Diagnose  and 
design  telecommunications,  net¬ 
works  and  VOIP  software  & 
hardware  for  E-1  systems. 
Control  operational  budget  and 
expenditures.  Manage,  maintain 
and  expand  IT  disaster  recovery 
and  contingency  plans  Firm 
wide.  Knowledge  of  Hispanic/ 
Latin  markets  &  Spanish  pre¬ 
ferred.  BS  Electrical  Engineer  or 
equivalent  plus  2  yrs  exp  in  job 
offered.  Fax  resume  to  Viga 
Corp  attn.  Human  Resources  at 
954-455-5858. 


Senior  Software  Engineer  (with 
Masters  degree  and  3  years 
experience  or  Bachelors  and  8 
years  of  experience)  -  Job 
entails  and  requires  experience 
in  design  and  development  of 
commercial  applications  using 
DB2,  Cobol,  JCL,  CICS  and 
TSO/ISPF.  Attractive  compen¬ 
sation  package.  Send  resume 
to  Catherine  Fanucchi,  65  Water 
Street,  Norwalk,  CT  06854. 


ENGINEER,  ELECTRONICS/ 
SOFTWARE  RESEARCH  (Lin¬ 
colnshire,  IL),  wanted  by  multi¬ 
national  electronics  manufactur¬ 
er  with  R&D  Center  and  head 
office  in  Korea  to  conduct  and 
report  on  research  and  testing 
on  iris  recognition  technology. 
Must  be  fluent  in  Korean. 
Respond  to  Linda  Walsh,  HR 
Manager,  LG  Electronics  USA, 
Inc.,  2000  Millbrook  Drive, 
Lincolnshire,  IL  60069  or  fax  to 
847-941-8200. 


Project  Manager  -  Oversee  in¬ 
stallation  of  computer  telecom¬ 
munications  integration  systems 
at  client  sites.  Obtain  system 
acceptance  at  completion.  Req’d: 
Bach.  Deg.  in  Comp.  Science, 
Business  Admin.,  or  Eng'g,  5yrs. 
exp.  in  the  job  offered,  as  a 
Systems  Eng.,  or  in  a  computer 
telecommunications  integration 
occup.  Must  have  exp.  w /  LAN, 
WAN,  PBX,  &  CTI.  Must  be  flu¬ 
ent  in  Spanish  &  willing  to  travel 
extensively  through  out  the  US, 
Central,  &  S.  America  Resume 
to:  NICE  Systems.  Inc.  301  Rte 
17  N.,  10th  Fl„  Rutherford,  NJ 
07070.  Attn:  Geraldine  Farese. 


National  Amusement  Network, 
Inc.  seeks  Senior  Java  Deve¬ 
loper  to  work  in  Fort  Collins,  CO. 
Provide  direction  and  technical 
assistance  to  team  of  Java 
developers  engaged  in  design¬ 
ing  and  developing  embedded 
software  systems  for  automated 
coin-operated  equipment  and 
customer  interfaces  using  open 
source  software.  Requirements 
include  Bachelor's  in  computer 
science  or  closely  related  field; 
working  knowledge  of  designing 
and  developing  embedded  soft¬ 
ware  systems  and  customer 
interfaces  for  coin-operated 
equipment  using  open  source 
software.  Java  certified  pro¬ 
grammer,  such  as  Sun  certified 
programmer  for  Java.  Respond 
via  resume  to  Steve  Benoit. 
NANI,  1133  Laporte  Ave,  Fort 
Collins,  CO  80521,  referring  to 
#4790HZ. 


Sr.  Software  Engineers  needed 
at  client  sites  to  dvlp  &  test  pro¬ 
jects  using  C++,  HP-UX, 
CORBA,  Oracle,  PL/SQL,  XML, 
&  IBM  MQ  Series,  integrating 
subsystms  &  analyzing  &  dvlpg 
systms  providing  product  sup¬ 
port  &  enhancements.  Perform 
data  migration,  unit  testing  & 
integration  testing.  Send  resume 
to:  Global  Consultants,  Attn: 
Hireme,  25  Airport  Rd, 
Morristown,  NJ  07960. 


SOFTWARE  ENGINEER  (Lin¬ 
colnshire,  IL),  experienced, 
wanted  by  US  office  of  electron¬ 
ics  manufacturer  to  develop 
company's  e-commerce  and 
transport  warehouse  manage¬ 
ment  systems.  Must  have 
knowledge  of  EXCEED,  i2, 
WebMethods,  WebServices, 
JAVA  Servlets,  J2EE,  JSP,  EJB, 
DB2/400.  Respond  to  Linda 
Walsh,  HR  Manager,  LG 
Electronics  USA,  Inc.,  2000 
Millbrook  Drive,  Lincolnshire,  IL 
60069  or  fax  to  847-941-8200. 


Software  Engineer  -  OmniPros, 
a  worldwide  provider  of  soft¬ 
ware  solutions  seeks  motivated 
Software  Engineers,  Network 
Administrators/Engineers,  IT 
Analysts,  and  Business  Devel¬ 
opment/Technical  Operations 
Management.  Multiple  Posi¬ 
tions  available  in  Chicago,  II 
and  San  Jose,  Ca.  Please  e- 
mail  resume  to  careers@ 
omnipros.com,  fax  resume  to 
408-944-0719,  or  mail  resume 
to:  OmniPros  Ltd.  99  W. 
Tasman  Drive,  Ste  205  San 
Jose,  CA  95134. 


IT  Education  &  Training  Directory 

Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 
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Network  World  Seminars 
and  Events  are  one  and  two- 
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aLMinHIIo&.CTCIIIa  cities  nationwide  covering 
the  latest  networking  technologies.  All  of  our  seminars  are 
also  available  for  customized  on-site  training.  For  complete 
and  immediate  information  on  our  current  seminar  offerings, 
call  a  seminar  representative  at  800-643  4668,  or  go  to 
www.nwfusion.com/seminars. 
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Gamers 

continued  from  page  1 

Battlefield  1942  and  Xbox  Live  has  soared, 
professional-grade  competitions  have 
sprouted  worldwide.  And  they  pay  cash 
prizes  that  are  getting  bigger  every  year. 

The  Cyberathlete  Professional  League 
(CPL),a  tournament  organizer,  will  award 
a  half  million  dollars  in  cash  prizes  this 
year  in  the  U.S.,plus  another  $100,000 
internationally  —  and  that  doesn’t  include 
$200,000  in  merchandise  prizes, says 
Angel  Munoz,  group  president.  He  con¬ 
trasts  this  booty  with  the  CPUs  first  year, 
1997,  when  the  grand  total  was  “maybe 
$4,000  in  merchandise.” 

The  CPL  is  only  one  of  a  growing  num¬ 
ber  of  organizers  hosting  cash-rich  tourna¬ 
ments.  Microsoft’s  inaugural  XSN  Sports 
World  Championship  for  Xbox  players 
gave  away  $30,000.This  included  a  lump¬ 
sum  $25,000  won  last  month  by  David 
Muellerweiss,  19,  of  Chapel  Hill,  N.C. 

With  that  kind  of  money  circulating,  a 
handful  of  folks  have  turned  gaming  from 
a  pastime  into  a  full-time  living  —  and  a 
darn  good  one,  too. 

Take  Jonathan  Wendel,  for  example. 
Better  known  by  his  screen  moniker, 
“fatality  Wendel  is  widely  regarded  as 
the  first  pro-gamer  superstar.  As  three¬ 
time  CPL  Champion  of  the  Year,  he's  won 
$200,000  in  the  past  four  years,  plus 
prizes  such  as  his  current  car,  a  custom- 
painted  Ford  Focus  ZX3.  He  also  gets 
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paid  for  doing  product  endorsements 
and  generates  income  from  his  newly 
founded  company, Fatality, which 
builds  gaming  gear. 

Thanks  to  growing  television  coverage 
of  tournaments  —  and  the  gamers  them¬ 
selves  —  fatality’s  face  is  widely  recog¬ 
nized.  He’s  been  featured  on  ESPN,  USA 
Networks  and  The  Discovery  Channel, 
and  starred  in  a  four-month  reality  series 
on  MTV  Add  in  the  eight-hour-a-day 
training  schedule  and  the  public  recog¬ 
nition,  and  by  all  accounts  he’s  got  the 
sports  star  life. 

“It  used  to  be  that  I  could  go  around 
to  malls  unnoticed,  but  when  I  went  out 
to  clubs  people  knew  who  I  was.  Now  a 
lot  of  times  it’s  the  moms  at  the  store 
that  stops  me  and  ask  for  my  autograph, 
not  just  the  little  8  year  olds,”  he  says. 

Looks  like  sport 

Tournament  organizers  such  as  the 
CPL  have  begun  pushing  for  computer 
gaming  to  be  recognized  as  a  bona  fide 
sport  in  the  U.S. —  on  par  with  other 
sports  such  as  car  racing  or  bowling. 
Munoz  created  the  CPL  with  that  goal  in 
mind. “When  1  launched  the  CPL,  the 
kindest  reaction  that  I  got  from  people 
was  a  smirk  —  everyone  thought  it  was 
the  most  ridiculous  thing  they  had  ever 
heard  —  gamers  as  professional  ath¬ 
letes?” 

Not  so  anymore.  Gaming  already  has 
become  sanctioned  as  a  sport  in  China, 
Korea,  Russia  and  Malaysia.  And  why  not? 
Gaming  organizations  already  have  all 
the  attributes  of  other  sports  leagues, 
Munoz  argues.“We  didn’t  invent  anything 
new  as  a  sports  league  —  we  have  the 
same  structure,”  he  says  of  the  CPL’s  four 
methods  to  earn  revenue:  sponsorships, 
player  fees,  spectator  admission  tickets 
and  television  media  contracts.“Are  the 
[revenue]  numbers  comparable  to  exist¬ 
ing  sports  in  the  world?  No.  But  it’s  just  a 
matter  of  time.” 

As  for  tournaments  on  television,  orga¬ 
nizers  are  serious  about  this,  too. “They  can 
be  amazing  competitions  especially  if  it 
really  goes  down  to  the  wire.  If  it’s  pack¬ 
aged  up  properly  and  presented  well,  it 
has  good  entertainment  value,” says  Mike 
Lucero,  Microsoft’s  Xbox  Live  tournament 
organizer. 

The  CPL  already  streams  video  coverage 
of  its  games  on  the  Internet, says  its  net¬ 
work  designer,  Monte  Fontenot.  Plus,  the 
league  has  recently  negotiated  a  contract 
for  coverage  from  a  U.K.  television  produc¬ 
er  that  sells  its  videos  to  various  cable 
channels. 

Players  give  credibility  to  the  idea  of 
gaming  as  a  sport.  For  instance,  Wendel 
and  Muellerweiss  are  accomplished  foot¬ 
ball  and  baseball  players,  and  Wendel  is  a 
champion  billiards  player. 

While  Muellerweiss  admits  that  sitting  in 
a  chair  is  contrary  to  the  notion  of  sports, 
he  says  “there  are  a  lot  of  similarities.  If 
you  play  a  sport,  you  learn  a  lot  about  it 
and  you  can  use  your  knowledge  and 
strategy  on  your  game.”That  plus  practice 


David  Muellerweiss,  right,  winner  of  the  XSN  World 
Championship  for  Xbox  players,  shakes  hands  with 
basketball  star  Shaquille  O'Neal. 


and  excellent  hand-eye  coordination  are 
the  critical  pieces  to  win  a  professional 
computer  tournament,  he  says. 

Sponsors  say  the  idea  of  computer 
gaming  as  a  U.S.  professional  sport  is 
gaining  momentum. “There  is  more  pro¬ 
fessionalism  among  the  teams,  including 
the  addition  of  team  managers,  large 
team  sponsorship  contracts, and  the 
teams  getting  somewhat  of  a  celebrity 
status  among  non-professional  gamers,” 
says  Linda  Kohout,  a  marketing  manager 
for  chip  maker  Advanced  Micro  Devices 
(AMD),  a  major  pro-game  sponsor. “The 
prize  money  has  also  increased.” 

The  payoff  to  sponsors  is  that  gamers 
are  demonstrators  and  buyers  of  state- 
of-the-art  technology. “Cyberathletes  are 
opinion  leaders  in  gaming  so  it  is 
important  for  AMD  to 
develop  relationships 
with  the  community” 

Kohout  says. 


A  network  of  controversy 

But  follow  any  money  trail  and 
you’ll  soon  run  into  controversy. 
Putting  on  a  professional  tournament 
isn’t  just  a  matter  of  rounding  up  the 
prize  money.  So  found  Cyber  X 
Games,  best  known  for  the  tourna¬ 
ment  it  organized  at  January’s 
Consumer  Electronics  Show  in  Las 
Vegas.  Organizers  promised  to  give 
away  more  than  $150,000  in  cash  and 
prizes  during  the  four-day  event. 

But  Cyber  X  Games  ran  into  network 
trouble  with  its  Counter-Strike  compe¬ 
tition.  While  the  details  of  the  net¬ 
work’s  glitch  are  in  dispute,  Cyber  X 
reportedly  blamed  the  trouble  on  the 
distribution  of  a  software  patch  to 
thousands  of  Counter-Strike  partici¬ 
pants.  Others  close  to  the  situation 
said  that  the  network  outage  was  caused 
by  a  connection  to  the  Internet  that  was 
too  small,  among  other  network  design 
issues  —  which  in  turn  was  caused  by 
weak  event  planning. 

In  any  case,  the  network  could  not 
accommodate  the  number  of  matches  it 
needed  to  run  for  the  double-elimina¬ 
tion  tournament.  Organizers  cancelled 
the  Counter-Strike  matches  and  other 
games. They  attempted  to  organize  exhi¬ 
bition  matches  as  a  way  to  distribute  the 
promised  prize  money,  but  technical  — 
and,  some  say,  organizational  —  prob¬ 
lems  continued.  Questions  remain  over 
what  exactly  happened  to  the  money. 
Cyber  X  President  Joe  Hill  isn’t  talking, 
and  several  sources  confirm  that  legal 
action  against  the  company  is  underway. 

All  of  which  under¬ 
scores  just  how  serious 
computer  games  have 
become.  ■ 


Get  more  information  online. 
DocFinder:  9942 
www.nwfusion.com 
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types  of  disks  based  on  user-set  rules. 

•  Data  Instant  Replay,  which  lets  users  re¬ 
cover  data  within  minutes. 

•  Remote  Instant  Replay  which  lets  users 
replicate  data  to  or  from  distant  locations. 

Storage  Center  will  compete  with  mid¬ 
range  EMC  Clariion,  HP  StorageWorks  and 
IBM  TotalStorage  Fast  products.  Unlike 
those  products,  customers  don’t  have  to 
buy  separate  software  to  manage  their  stor¬ 
age.  The  product  also  is  differentiated  from 
existing  arrays  in  that  it  has  both  Fibre 
Channel  and  iSCSI  connections  so  users 
can  attach  it  to  a  SAN  or  Gigabit  Ethernet 
network.  Storage  Center  also  lets  users  mix 
and  match  drive  sizes  and  speeds. 

Carla  Hedding,  network  administrator 
with  accounting  firm  Wolf  Etter  in  Man- 
kato.Minn., chose  Storage  Center  when  she 
moved  from  server-attached  storage  to  a 
storage-area  network  (SAN).  While  in¬ 
stalling  Storage  Center,  Hedding  underesti¬ 
mated  the  amount  of  storage  space  she 
needed. When  she  went  to  bring  up  the  sys¬ 
tem,  it  failed.  She  added  more  drives  and 
then  restored  data. 


“In  our  old  environment  if  the  servers 
failed,  backup  from  tape  would  have  taken 
days,”  Hedding  says.  “With  Compellent’s 
Data  Instant  Replay,  we  were  able  to  roll 
back  and  restore  the  data  within  a  couple 
hours.” 

Analysts  say  Storage  Center  will  simply 
customer  choices. 

“Compellent  is  giving  customers  a  lot  of 
options  and  functionality  without  having 
to  make  a  lot  of  hard  technology  choices,” 
says  Peter  Gerr,  senior  analyst  for  the 
Enterprise  Storage  Group. 

“With  the  Compellent  box,  customers 
don’t  have  to  integrate  connectivity,  soft¬ 
ware  functionality  and  hardware  them¬ 
selves,”  Gerr  savs.“Rather  than  buying  a  disk 
array  with  absolutely  no  software  and  hav¬ 
ing  to  integrate  separate  software  pack¬ 
ages,  Compellent  applications  can  be  sim¬ 
ply  turned  on  in  the  system.” 

The  Storage  Center  starts  at  less  than 
$30,000.  Applications  such  as  Data  Instant 
Replay  start  at  less  than  $10,000  each  * 

Storage 

Subscribe  to  our  Tree  newsletter. 
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Fighting  spam:  My  theory  (Part  2) 

L 


ast  week  I  started  to  outline 
what  I  see  as  the  only  way  to 
cure  the  spam  problem  for  con¬ 
sumers  and  businesses.  My  plan 
requires  a  mechanism  for  the  e-mail 
recipient  to  be  able  to  verify  the 
sender,  to  some  level. 

You  could  set  the  minimum  level  of 
verification  for  people  who  aren’t  on  your  whitelist 
as  requiring  proof  that  the  sender  exists  or,  if  you  are 
a  little  more  picky,  that  you  must  know  the  sender’s 
identity  before  you  will  accept  his  messages. 

Or  you  might  require  that  the  sender  be  vouched 
for  by  an  institution.  Banks  and  credit  card  compa¬ 
nies,  for  example,  could  issue  certificates  to  cus¬ 
tomers  that  present  credentials  (such  as  drivers 
license,  major  credit  card  and  Social  Security  num¬ 
ber). The  issuer  then  would  provide  the  certificate 
details  to  install  in  an  e-mail  client  or,  if  the  issuer  is 
going  to  sign  messages  on  behalf  of  its  customers, 
provide  details  of  the  proxy  server. 

Certificates  also  could  be  portable  —  get  a  bank 
account  and  the  bank  will  accept  the  certificate 
from  your  insurance  company. The  bank  would  test 
the  certificate’s  validity  and  then  be  added  to  the 
list  of  certificate  references.  If  we  can  verify  the 
sender’s  identity  and  his  sponsors  then  we  can  get 
a  good  idea  if  he  should  be  trusted. 


If  you  think  a  sender  is  a  spammer, you  should  be 
able  to  send  the  message  to  the  abuse  desk  at  the 
certificate  authority  which  would  route  the  com¬ 
plaint  to  the  certificate  issuer. The  issuer  would  act 
according  to  its  published  policy,  perhaps  by  remov¬ 
ing  itself  as  a  reference  or,  if  its  policy  lets  it  actually 
control  the  certificate,  revoking  or  suspending  it. 

On  the  other  hand,  that  wouldn’t  be  necessary 
because  you  would  just  add  the  sender  to  your 
blacklist.  If  you  got  spam  from  lots  of  senders  who 
were  sponsored  by  say  FlyByNight  Enterprises,  then 
you  could  refuse  messages  from  anyone  with  a  cer¬ 
tificate  issued  or  referenced  by  that  company. 

Could  this  system  be  hacked?  Probably.  Would 
such  a  hack  be  effective  for  long?  No,  because  the 
system  would  be  flexible  and  could  accommodate 
and  overcome  faults.  It  wouldn’t  be  centralized  or 
owned  by  a  single  entity,  and  if  there  were  enough 
certificate  authorities  and  enough  sponsors,  there 
would  be  no  single  point  of  failure. 

So  how  to  bootstrap  this  proposition.  If  a  consor¬ 
tium  of  interested  parties  (e-mail  product  develop¬ 
ers,  businesses,  government,  consumer  groups  —  all 
interested  because  spam  is  causing  them  real 
financial  problems)  were  to  back  such  a  scheme,  it 
probably  would  be  easy  to  get  an  open  source 
development  program  going  and  effect  a  change¬ 
over  to  authenticated  e-mail  in  perhaps  a  year.  And 


remember,  not  everyone  needs  to  use  it.  Aunt  May 
can  still  send  you  messages;  you  just  have  to  be 
willing  to  accept  them. 

Now  there  are  lots  of  issues  here  about  the  way 
certificates  could  be  used  and  revoked,  but  the 
point  is  that  we’re  using  existing  infrastructure  and 
well-tested  technologies,  and  not  relying  on  ISPs  to 
build  and  manage  infrastructure  they  have  no  real 
need  for  and  can’t  afford  to  build  and  manage  any¬ 
way.  Moreover,  we’re  giving  all  the  interested  parties 
—  consumers,  businesses  and  institutions  —  a  busi¬ 
ness  reason  to  support  the  system. 

But  hold  hard!  You  might  have  noticed  a  few  news 
items  discussing  Bill  Gates’  proposal  for  an  e-mail 
caller  ID  system,  which  has  the  backing  of  Amazon, 
com,  Brightmail  and  Sendmail.At  the  RSA  2004 
Conference,  Gates  talked  about  what  Microsoft  calls 
“rich  safe-listing.”  Gates  said  in  his  speech: “Having 
e-mail  come  in,  and  not  really  being  able  to  identify 
where  it  comes  from,  this  is  a  huge  security  hole.” 

Right  on!  But  lets  not  get  over-excited,  folks  — 
this  is  just  a  mechanism  to  prevent  domain  spoof¬ 
ing  (see  details  at  www.nwfusion.com,  DocFinder: 
9945),  not  a  real  sender-authentication  system.  On 
the  other  hand,  at  least  there’s  a  chance  we’ll  get 
on  the  right  track. 

Valid  messages  to  backspin@gibbs.com. 
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By  Paul  McNamara 


Let's  talk  about  punishment 

You’ve  probably  seen  the  Southwest 
Airlines  commercial  in  which  an  office 
worker  unintentionally  unleashes  an  e-mail  virus  and  then  stands  in  astonish¬ 
ment  as  her  negligent  act  comes  crashing  down  —  audibly,  no  less  —  on  a  sea 
of  fellow  cubicle  dwellers. 

“Wanna  get  away?"  is  the  ad  campaign's  familiar  kicker. 

What  if  instead  of  hopping  a  jetliner  to  escape  her  embarrassment,  the  woman 
had  to  cancel  previously  made  flight  reservations  because  her  employer  was 
about  to  punish  her  irresponsibility  by  rescinding  the  only  five  vacation  days 
she  had  left? 

Wanna  get  away?  .  .  .  Next  time,  resist  the  temptation  to  open  that  attach¬ 
ment.  You  attended  the  company's  mandatory  anti-virus  training  course.  You 
signed  the  form  attesting  that  you  understand  what  you  should  and  shouldn't 
open  when  working  at  your  company-issued  desktop  —  and  you  are  fully  aware 
of  the  consequences  for  non-compliance.  Now  go  home,  unpack  your  suitcase, 
explain  to  the  family  why  you  can’t  go  on  vacation,  and  be  here  Monday  morn¬ 
ing  ready  to  do  your  job  without  keeping  others  from  doing  theirs. 

Buzz  can  be  a  hard-ass  from  time  to  time.  We're  talking  here  about  punitive 
measures  —  consequences  —  the  stick  half  of  that  much-ballyhooed  carrot  - 
and-stick  combination  that  has  served  management  well  for  eons  when  trying 
to  change  the  behavior  of  otherwise  intractable  human  beings.  Perhaps  I'm  just 
reading  the  wrong  publications,  but  it  seems  as  though  discussion  of  sticks  has 
been  conspicuously  lacking  from  the  MyDoom  stories  and  opinion  columns 
that  unfailingly  lament  the  unwillingness  and/or  inability  of  end  users  to  heed 
their  IT  advisers  and  cut  it  the  heck  out. 

Whuppin'  stick  anyone? 

Perhaps  this  is  already  happening  in  no-nonsense  workplaces.  Perhaps  it’s 


been  considered  —  or  tried  —  and  rejected  elsewhere.  Maybe  punishing  peo¬ 
ple  for  their  promiscuous  attachment  to  attachments  is  plain  beyond  the  pale.  I 
honestly  don’t  know  . .  .  and  look  forward  to  hearing  from  those  of  you  who  do. 

But  if  these  virus  outbreaks  are  actually  costing  companies  as  much  as 
experts  say  they  are  —  thousands,  tens  of  thousands,  millions  of  dollars  at  a 
clip  —  shouldn't  sticks  be  on  the  table,  too? 

By  way  of  comparison,  corporate  America  decided  that  legal  liability  from  sex¬ 
ual  harassment  lawsuits  was  simply  too  great  to  limit  prevention  strategies  to 
education  and  cajoling.  People  now  get  fired  for  that  sort  of  thing  every  day.  If 
they  didn’t,  you'd  still  see  the  office  clown  e-mailing  dirty  jokes  companywide  . . . 
and  pinups  on  workplace  walls. 

I'm  not  suggesting  anyone  get  fired  over  aiding  the  spread  of  MyDoom  or 
even  that  they  lose  so  much  as  a  single  day's  pay.  Let  the  punishment  fit  the 
crime.  If  revoking  vacation  privileges  isn't  the  answer,  I’m  sure  the  bright  minds 
of  American  industry  can  conjure  up  one  that  is  effective  and  fair. 

After  all,  there  seems  to  be  a  consensus  that  education  efforts  and  techno¬ 
logical  advances  have  taken  the  anti-virus  fight  only  so  far  and  are  unlikely  to 
ever  be  enough. 

The  objections  are  not  difficult  to  imagine,  so  allow  me  to  tick  off  a  few: 

•  We  can  presume  that  such  a  policy  would  be  as  unpopular  as  yanking  the 
free  coffee  out  of  the  company  cafeteria. 

•  Unions  will  not  be  amused  —  you  can  almost  hear  the  guffawing  of  labor 
leaders  at  the  mere  suggestion  of  holding  their  memberships  accountable? 

•  What  happens  when  it's  the  CIO  or  CEO  who  screws  up?  Who  gets  to  send 
the  boss  to  the  penalty  box? 

•  And  not  all  viruses  are  created  equal.  What  if  the  next  one  is  so  clever  that 
even  Network  World  readers  are  fooled  into  infecting  their  own  networks? 

Hey,  I  never  said  this  would  be  painless. 

Want  to  whack  the  columnist?  Address  is  buzz@nww.com. 
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Dare  to  Compare! 

NetVanta 
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Industry-Leading 

Brand 

Dual  Network  Interfaces 

✓ 
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Dual  Ethernet  Interfaces 

✓ 

sss 

Stateful  Inspection  Firewall 

✓ 
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Command  Line  Interface  (CLI) 
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✓ 

Quality  of  Service  (QoS) 
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✓ 

VLAN  Trunking 

✓ 

✓ 

Virtual  Private  Networking  (VPN) 
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Dial  Backup 

$ 
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PBX  Connectivity 

$ 

$$$$$ 

Unlimited  Telephone  Support 

Free 
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Operating  System  Updates 

Free 
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Warranty 
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1  Year 

Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Using  a  NetVanta  3000  router,  you  can  outfit  a  remote 
location  with  complete  T1  voice  and  data  communications 
for  50%  less  than  you’re  accustomed  to  paying.  Loaded 
with  standard  features,  and  available  with  very  reasonably 
priced  options,  the  NetVanta  3000  Series  is  everything  you 
need  in  a  router  and  more.  Lower  price  isn’t  the  result  of 
cutting  corners — it’s  the  result  of  smart  engineering. 
Engineering  that’s  backed  by  a  100%  satisfaction  guarantee 
from  ADTRAN,  including  unlimited  telephone  technical 
support  (before  and  after  the  sale),  free  ADTRAN  OS  updates, 
and  a  full  five-year  warranty.  Try  a  NetVanta  3000  router  today. 
And  start  getting  more  out  of  your  router  dollar. 

Why  pay  more? 


Take  the  CLI  Challenge!  Receive  a  free  T-Shirt! 

www.adtran.com/in  fo/wh  ypa  ymore 

877.767.6022  Technical  Questions 
877.280.8416  Where  to  Buy 
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Introducing  AMD  Opteron  Servers  from  Sun, 

Sun  Fire™  V20z  servers  feature  screaming  AMD  Opteron  processors^ 
Operating  System  up  to  45%  faster  than  comparable  32-bit  systems1 

Add  the  Sun  Java™  Enterprise  System  -  Suri’s  entire  infrastructure  pdPR 
Storage  and  Services  to  experience  the  full  Sun  systems  advantage.  En 
performance  at  compelling  prices. 
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L  BASED  ON  TESTS  WITH  AMDS  OPTERON  VS.  3.2  GHZ  XEON  RUNNING  LINUX,  AMD  OPTERON  RAN  45%  FASTER  ON  SPECWEB  99SSL  -  BASED  ON  PUBLISHED  DATA  FROM  WWWSPEC.ORG  1  /22/04.  FOR  SOLARIS.  OS  MICROBENCHMARKS  PERFORMED  AN  AVERAGE 
42  FASTER  ON  AN  AMD  OPTERON  PROCESSOR  MODEL  246  (2.0  GHZ)  BASED  SYSTEM  COMPARED  TO  A  3.2  GHZ  XEON  SYSTEM.  2.  PRICING  IS  US.  UST  PRICE.  ALL  PRICES  QUOTED  ARE  IN  U  S.  DOLLARS  ■  TOLL-FREE  NUMBER  AVAILABLE  IN  THE  UNITED  STATES 

CANADA  AND  INTERNATIONAL  AMERICAS  ONLY. 

2004  SUN  MICROSYSTEMS,  INC.  ALL  RIGHTS  RESERVED.  SUN.  SUN  MICROSYSTEMS,  THE  SUN  LOGO.  SOLARIS.  THE  SOLARIS  LOGO.  JAVA,  THE  JAVA  LOGO.  AND  "THE  NETWORK  IS  THE  COMPUTER"  TAGLINE  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  FOR 
SUN  MICROSYSTEMS,  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  AMD.  THE  AMD  ARROW  LOGO,  AMD  OPTERON  AND  COMBINATIONS  THEREOF,  ARE  TRADEMARKS  FOR  ADVANCED  MICRO  DEVICES.  INC. 
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